logo

Database

Server side template injection In semantic-kernel

Description

Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable to remote code execution

Impact:

An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality.

Patches:

The problem has been fixed in python-1.39.4. Users should upgrade this version or higher.

Workarounds:

Avoid using InMemoryVectorStore for production scenarios.

References:

Release python-1.39.4 · microsoft/semantic-kernel · GitHub PR to block use of dangerous attribute names that must not be accessed in filter expressions

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem
Package
Affected version
Patched versions

Aliases

1. CVE-2026-260302. NVD-2026-260303. OSV-2026-260304. GHSA-xjw9-4gw8-4rqx5. GCVE-2026-26030

References

1. https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-xjw9-4gw8-4rqx2. https://github.com/microsoft/semantic-kernel/pull/135053. https://github.com/microsoft/semantic-kernel/releases/tag/python-1.39.4

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.