Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:pypi/semantic-kernel@1.39.3
purl pkg:pypi/semantic-kernel@1.39.3
Next non-vulnerable version 1.39.4
Latest non-vulnerable version 1.39.4
Risk
Vulnerabilities affecting this package (1)
Vulnerability Summary Fixed by
VCID-yt8v-22tc-hyep
Aliases:
CVE-2026-26030
GHSA-xjw9-4gw8-4rqx
PYSEC-2026-163
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.
1.39.4
Affected by 0 other vulnerabilities.
Vulnerabilities fixed by this package (1)
Vulnerability Summary Aliases
VCID-msgd-aq9b-6fcx Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK _What kind of vulnerability is it? Who is impacted?_ An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the `SessionsPythonPlugin`. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the `SessionsPythonPlugin` CVE-2026-25592
GHSA-2ww3-72rp-wpp4

Date Actor Action Vulnerability Source VulnerableCode Version
2026-06-02T04:50:00.577402+00:00 GitLab Importer Fixing VCID-msgd-aq9b-6fcx https://gitlab.com/gitlab-org/advisories-community/-/blob/main/pypi/semantic-kernel/CVE-2026-25592.yml 38.6.0
2026-06-02T04:23:57.430858+00:00 Pypa Importer Affected by VCID-yt8v-22tc-hyep https://github.com/pypa/advisory-database/blob/main/vulns/semantic-kernel/PYSEC-2026-163.yaml 38.6.0