VulnerableCode Package Details - pkg:pypi/semantic-kernel@1.12.0

Search for packages

Vulnerability	Summary	Fixed by
VCID-msgd-aq9b-6fcx Aliases: CVE-2026-25592 GHSA-2ww3-72rp-wpp4	Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK _What kind of vulnerability is it? Who is impacted?_ An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the `SessionsPythonPlugin`. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the `SessionsPythonPlugin`	1.39.3 Affected by 1 other vulnerability. This version is affected by these other vulnerabilities: {{ fixed_by_vuln.vulnerability_id }}
VCID-yt8v-22tc-hyep Aliases: CVE-2026-26030 GHSA-xjw9-4gw8-4rqx PYSEC-2026-163	Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.	1.39.4 Affected by 0 other vulnerabilities.

Vulnerability

Summary

Fixed by

VCID-msgd-aq9b-6fcx
Aliases:
CVE-2026-25592
GHSA-2ww3-72rp-wpp4

Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK _What kind of vulnerability is it? Who is impacted?_ An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the `SessionsPythonPlugin`. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the `SessionsPythonPlugin`

1.39.3
Affected by 1 other vulnerability.

VCID-yt8v-22tc-hyep
Aliases:
CVE-2026-26030
GHSA-xjw9-4gw8-4rqx
PYSEC-2026-163

Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.

1.39.4
Affected by 0 other vulnerabilities.

Vulnerability	Summary	Aliases
This package is not known to fix vulnerabilities.

Vulnerability

Summary

Aliases

This package is not known to fix vulnerabilities.

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2026-06-06T06:55:47.986985+00:00	GitLab Importer	Affected by	VCID-yt8v-22tc-hyep	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/semantic-kernel/CVE-2026-26030.yml	38.6.0
2026-06-06T06:50:53.728404+00:00	GitLab Importer	Affected by	VCID-msgd-aq9b-6fcx	https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/semantic-kernel/CVE-2026-25592.yml	38.6.0
2026-06-05T17:04:56.960451+00:00	PyPI Importer	Affected by	VCID-yt8v-22tc-hyep	https://osv-vulnerabilities.storage.googleapis.com/PyPI/all.zip	38.6.0
2026-06-02T04:23:57.197678+00:00	Pypa Importer	Affected by	VCID-yt8v-22tc-hyep	https://github.com/pypa/advisory-database/blob/main/vulns/semantic-kernel/PYSEC-2026-163.yaml	38.6.0