10.0
Microsoft Semantic Kernel Python SDK InMemoryVectorStore allows hackers to take control of your server
CVE-2026-26030
GHSA-xjw9-4gw8-4rqx
Summary
A security flaw in Microsoft's Semantic Kernel Python SDK allows hackers to potentially take control of your server if you're using a specific feature. To fix this, update to version 1.39.4 or later of the SDK. If you can't update, avoid using the affected feature for now.
What to do
- Update semantic-kernel to version 1.39.4.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| – | semantic-kernel | <= 1.39.4 | 1.39.4 |
| microsoft | semantic_kernel | <= 1.39.4 | – |
Original title
Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution
Original description
### Impact:
An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the `InMemoryVectorStore` filter functionality.
### Patches:
The problem has been fixed in [python-1.39.4](https://github.com/microsoft/semantic-kernel/releases/tag/python-1.39.4). Users should upgrade to this version or higher.
### Workarounds:
Avoid using `InMemoryVectorStore` for production scenarios.
### References:
[Release python-1.39.4 · microsoft/semantic-kernel · GitHub](https://github.com/microsoft/semantic-kernel/releases/tag/python-1.39.4)
[PR to block use of dangerous attribute names that must not be accessed in filter expressions](https://github.com/microsoft/semantic-kernel/pull/13505)
nvd CVSS3.1
9.9
Vulnerability type
CWE-94
Code Injection
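The referenced PR is described as blocking dangerous attribute names in filter expressions. As an added illustration of that defence (not code from the PR or the SDK), the following validates a filter with an AST allowlist before it is evaluated; the lambda-as-string filter format, the `BLOCKED_ATTRS` set, the sample records and all function names are assumptions.

```python
import ast
from types import SimpleNamespace

# Assumption (not taken from the patch): extra attribute names to refuse.
BLOCKED_ATTRS = {"mro", "f_globals", "f_builtins", "gi_frame", "cr_frame"}
# Assumption: the only syntax a record filter needs. Calls, subscripts,
# comprehensions and everything else not listed here are refused.
ALLOWED_NODES = (
    ast.Expression, ast.Lambda, ast.arguments, ast.arg, ast.Load, ast.Name,
    ast.Attribute, ast.Constant, ast.Compare, ast.BoolOp, ast.UnaryOp,
    ast.And, ast.Or, ast.Not, ast.USub, ast.Eq, ast.NotEq, ast.Lt, ast.LtE,
    ast.Gt, ast.GtE, ast.In, ast.NotIn, ast.List, ast.Tuple,
)

class UnsafeFilter(ValueError):
    """Raised when a filter expression falls outside the allowlist."""

def validate_filter(source: str) -> ast.Expression:
    try:
        tree = ast.parse(source, mode="eval")
    except SyntaxError as exc:
        raise UnsafeFilter(f"not a valid expression: {exc.msg}") from exc
    if not isinstance(tree.body, ast.Lambda):
        raise UnsafeFilter("filter must be a single lambda expression")
    params = {a.arg for a in tree.body.args.args}
    for node in ast.walk(tree):
        if not isinstance(node, ALLOWED_NODES):
            raise UnsafeFilter(f"{type(node).__name__} is not allowed")
        if isinstance(node, ast.Attribute) and (
            node.attr.startswith("_") or node.attr in BLOCKED_ATTRS
        ):
            raise UnsafeFilter(f"attribute {node.attr!r} is not allowed")
        if isinstance(node, ast.Name) and node.id not in params:
            raise UnsafeFilter(f"name {node.id!r} is not a lambda parameter")
    return tree

def is_safe(source: str) -> bool:
    try:
        validate_filter(source)
        return True
    except UnsafeFilter:
        return False

def select(source: str, records):
    # Evaluate only the validated tree, with no builtins in scope.
    predicate = eval(compile(validate_filter(source), "<filter>", "eval"),
                     {"__builtins__": {}})
    return [r for r in records if predicate(r)]

# Constructed sample records, for illustration only.
SAMPLE = [SimpleNamespace(id=1, price=5, tag="a"),
          SimpleNamespace(id=2, price=50, tag="b")]
```

The allowlist is deliberately strict: method calls such as `x.name.startswith("a")` are refused as well, so a deployment that needs them has to add specific, reviewed cases rather than allow `ast.Call` wholesale.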
- https://github.com/microsoft/semantic-kernel/pull/13505 Issue Tracking Patch
- https://github.com/microsoft/semantic-kernel/releases/tag/python-1.39.4 Release Notes
- https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-xjw9-4gw8-... Patch Vendor Advisory
- https://nvd.nist.gov/vuln/detail/CVE-2026-26030
- https://github.com/advisories/GHSA-xjw9-4gw8-4rqx
Published: 19 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026