VYPR
Critical severityNVD Advisory· Published Feb 19, 2026· Updated Feb 26, 2026

Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

CVE-2026-26030

Description

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the InMemoryVectorStore filter functionality. The problem has been fixed in version python-1.39.4. Users should upgrade this version or higher. As a workaround, avoid using InMemoryVectorStore for production scenarios.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
semantic-kernelPyPI
< 1.39.41.39.4

Affected products

2

Patches

Vulnerability mechanics

References

6

News mentions

3