Lookup for vulnerable packages by Package URL.
| Purl | pkg:pypi/semantic-kernel@0.9.4b1 |
|---|
| Type | pypi |
|---|
| Namespace | |
|---|
| Name | semantic-kernel |
|---|
| Version | 0.9.4b1 |
|---|
| Qualifiers |
|
|---|
| Subpath | |
|---|
| Is_vulnerable | true |
|---|
| Next_non_vulnerable_version | 1.39.4 |
|---|
| Latest_non_vulnerable_version | 1.39.4 |
|---|
| Affected_by_vulnerabilities |
| 0 |
| url |
VCID-msgd-aq9b-6fcx |
| vulnerability_id |
VCID-msgd-aq9b-6fcx |
| summary |
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK
_What kind of vulnerability is it? Who is impacted?_
An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the `SessionsPythonPlugin`.
Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the `SessionsPythonPlugin` |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-25592, GHSA-2ww3-72rp-wpp4
|
| risk_score |
null |
| exploitability |
null |
| weighted_severity |
null |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-msgd-aq9b-6fcx |
|
| 1 |
| url |
VCID-yt8v-22tc-hyep |
| vulnerability_id |
VCID-yt8v-22tc-hyep |
| summary |
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2026-26030, GHSA-xjw9-4gw8-4rqx, PYSEC-2026-163
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-yt8v-22tc-hyep |
|
|
|---|
| Fixing_vulnerabilities |
|
|---|
| Risk_score | 4.5 |
|---|
| Resource_url | http://public2.vulnerablecode.io/packages/pkg:pypi/semantic-kernel@0.9.4b1 |
|---|