CVSS 10 flaw in Microsoft Semantic Kernel: update now if you build AI apps

If you build artificial intelligence applications using Microsoft Semantic Kernel with Python, you need to take action immediately. CVE-2026-26030 has been disclosed: a remote code execution (RCE) vulnerability with a CVSS score of 10.0, the maximum possible on the vulnerability severity scale.

What is CVE-2026-26030?

The vulnerability was disclosed on February 19, 2026 and resides in the InMemoryVectorStore component of the Semantic Kernel Python SDK. The flaw is a code injection in the filter functionality: an authenticated attacker can send a specially crafted query that the system interprets as executable code, allowing them to take complete control of the affected server or application.

Why is this so severe?

  • CVSS 10.0: the maximum possible score. Very few CVEs ever reach this level
  • No user interaction required: no one needs to click anything
  • Low privilege requirement: only basic authentication is needed to exploit the flaw
  • Full impact: confidentiality, integrity, and availability are completely compromised

What is Microsoft Semantic Kernel?

Semantic Kernel is Microsoft's open-source framework for building AI applications. It allows developers to integrate language models like GPT-4 or Claude directly into Python, C#, or Java applications, with memory, planning, and function execution capabilities.

It is widely used in enterprise applications connecting to Azure OpenAI, OpenAI directly, or local models. If your company has an AI chatbot, assistant, or automation pipeline built with Python and Azure OpenAI, it likely uses Semantic Kernel.

Which versions are affected?

The vulnerability affects all versions of the Semantic Kernel Python SDK prior to version 1.39.4. The patched version has been available since February 19.

How to check if you are affected

In your Python environment, run:

pip show semantic-kernel

If the version shown is below 1.39.4, you are exposed.

How to fix it

The fix is straightforward: upgrade to the patched version:

pip install --upgrade "semantic-kernel>=1.39.4"

If you use a requirements.txt or pyproject.toml file, update the dependency to specify the minimum version:

semantic-kernel>=1.39.4

Then reinstall your dependencies and redeploy the application.
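To turn the check and the fix above into something you can run in CI, here is an added Python helper (not from the article or the Semantic Kernel project) that compares the installed semantic-kernel version against 1.39.4 numerically and audits a requirements.txt line for that package; the function names and the conservative handling of unknown version specifiers are my own assumptions.

```python
import re
from importlib import metadata

# First patched release named in the advisory: anything earlier is exposed.
PATCHED = (1, 39, 4)
PACKAGE = "semantic-kernel"

def parse_version(text: str) -> tuple:
    """'1.39.4' -> (1, 39, 4). Compare numerically: a plain string
    comparison would rank '1.4.0' above '1.39.4' and miss the bug."""
    m = re.match(r"(\d+)(?:\.(\d+))?(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(g) if g else 0 for g in m.groups())

def is_vulnerable(version: str) -> bool:
    """True when this semantic-kernel release predates the fix."""
    return parse_version(version) < PATCHED

def installed_status() -> str:
    """Same answer as `pip show semantic-kernel`, for the running interpreter."""
    try:
        v = metadata.version(PACKAGE)
    except metadata.PackageNotFoundError:
        return "not installed"
    return f"{v}: {'VULNERABLE, upgrade' if is_vulnerable(v) else 'patched'}"

def requirement_is_safe(line: str) -> bool:
    """Can this requirements.txt line only resolve to a patched release?
    Only '==' and '>=' clauses are trusted; an unpinned name, a '<' bound
    at or below the fix, or an unknown operator is treated as unsafe."""
    line = line.split("#", 1)[0].split(";", 1)[0].strip()
    m = re.match(r"([A-Za-z0-9_.-]+)(?:\[[^\]]*\])?\s*(.*)", line)
    if not m or m.group(1).lower().replace("_", "-") != PACKAGE:
        return True  # a different package, nothing to decide here
    safe = False
    for clause in (c.strip() for c in m.group(2).split(",") if c.strip()):
        op_ver = re.match(r"([<>=!~]+)\s*(.+)", clause)
        if not op_ver:
            return False
        op, ver = op_ver.groups()
        if op in ("==", ">=") and not is_vulnerable(ver):
            safe = True
        elif op == "<" and parse_version(ver) <= PATCHED:
            return False  # upper bound excludes the patched release
        elif op == "<=" and parse_version(ver) < PATCHED:
            return False
    return safe
```

Run `installed_status()` in each deployed environment and `requirement_is_safe()` over every semantic-kernel line in your dependency files; a False from either means the upgrade has not actually landed.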

Temporary workaround

If you cannot update immediately, Microsoft recommends avoiding the use of InMemoryVectorStore in production environments until the patch is applied. This is not a permanent solution, but it reduces your exposure.

Context: AI as a new attack surface

This CVE is not an isolated case. As documented in the CrowdStrike 2026 Global Threat Report published today, AI systems are becoming attack vectors. AI development frameworks, by directly connecting to external APIs and executing code dynamically, have an inherently larger attack surface than traditional software.

Keeping your AI SDKs up to date is not optional. It is a critical part of the secure development lifecycle.

Written by
Jesús García

Passionate about technology and personal finance. I write about innovation, artificial intelligence, investing, and strategies to improve your finances. My goal is to make complex topics accessible to everyone.
