Vulnerability Details CVE-2026-26030
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 22.1%
CVSS Severity
CVSS v3 Score 9.9
References
Products affected by CVE-2026-26030
-
cpe:2.3:a:microsoft:semantic_kernel:*