{"@odata.context":"https://api.msrc.microsoft.com/sug/v2.0/sugodata/v2.0/en-US/$metadata#vulnerability/$entity","id":"00000000-0000-0000-0000-00001d175eb6","releaseDate":"2026-03-10T07:00:00-07:00","cveNumber":"CVE-2026-26030","cveTitle":"GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable","releaseNumber":"2026-Mar","vulnType":"Security Vulnerability","latestRevisionDate":"2026-03-12T07:00:00-07:00","description":"<p><a href=\"https://www.cve.org/CVERecord?id=CVE-2026-26030\">CVE-2026-26030</a> is a Remote Code Execution vulnerability that has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. GitHub created this CVE on their behalf. This document incorporates updates in the Microsoft Semantic Kernel Repository which address this vulnerability.</p>\n<p>Please see <a href=\"https://www.cve.org/CVERecord?id=CVE-2026-26030\">CVE-2026-26030</a> for more information.</p>\n","cweList":["CWE-749: Exposed Dangerous Method or Function"],"cweDetailsListForSearch":["cwe: CWE-749: Exposed Dangerous Method or Function","cweUrl: https://cwe.mitre.org/data/definitions/749.html"],"unformattedDescription":"[CVE-2026-26030](https://www.cve.org/CVERecord?id=CVE-2026-26030) is a Remote Code Execution vulnerability that has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality. GitHub created this CVE on their behalf. This document incorporates updates in the Microsoft Semantic Kernel Repository which address this vulnerability.\n\nPlease see [CVE-2026-26030](https://www.cve.org/CVERecord?id=CVE-2026-26030) for more information.","mitreText":"CVE-2026-26030","mitreUrl":"https://www.cve.org/CVERecord?id=CVE-2026-26030","publiclyDisclosed":"No","exploited":"No","latestSoftwareReleaseId":3,"latestSoftwareRelease":"Exploitation Unlikely","olderSoftwareReleaseId":0,"denialOfService":"N/A","tag":"Microsoft Semantic Kernel Python SDK","issuingCna":"GitHub","issuingCnaId":100000002,"severityId":100000001,"severity":"Important","impactId":100000005,"impact":"Remote Code Execution","langCode":"en-US","baseScore":"9.9","temporalScore":"8.6","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C","vectorStringSource":"Microsoft","isMariner":false,"customerActionRequired":true,"customerActionRequiredId":1,"cweDetailsList":[{"keys":["cwe","cweUrl"],"values":["CWE-749: Exposed Dangerous Method or Function","https://cwe.mitre.org/data/definitions/749.html"]}],"articles":[{"title":"Microsoft Semantic Kernel Python SDK Remote Code Execution Vulnerability","articleType":"100000000","description":"<p>Exposed dangerous method or function in Microsoft Semantic Kernel Python SDK allows an authorized attacker to execute code over a network.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, a successful exploitation could lead to a scope change (S:C). What does this mean for this vulnerability?</strong></p>\n<p>An exploited vulnerability can affect resources beyond the security scope managed by the security authority of the vulnerable component. In this case, the vulnerable component and the impacted component are different and managed by different security authorities.</p>\n","ordinal":10002},{"articleType":"FAQ","description":"<p><strong>According to the CVSS metric, privileges required is low (PR:L). What does that mean for this vulnerability?</strong></p>\n<p>Any authenticated attacker could trigger this vulnerability. It does not require admin or other elevated privileges.</p>\n","ordinal":10000},{"articleType":"FAQ","description":"<p><strong>How could an attacker exploit this vulnerability?</strong></p>\n<p>An attacker would need to reach an application that uses the vulnerable Semantic Kernel Python SDK and allows users to submit filter strings (for example, as part of search or query options) over the network. By sending a specially crafted filter value to such an application, the attacker could cause their code to run on the server with the application\u2019s permissions, without needing to sign in or rely on any action from another user, provided this functionality is exposed to untrusted input.</p>\n","ordinal":10000},{"articleType":"Workaround","description":"<p>The following has been identified as a workaround for this vulnerability.</p>\n<p>Avoid using <code>InMemoryVectorStore</code> for production scenarios.</p>\n","ordinal":10000}],"revisions":[{"cveNumber":"CVE-2026-26030","version":1.1,"revisionDate":"2026-03-12T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Acknowledgement added. This is an informational change only.</p>\n","unformattedDescription":"Acknowledgement added. This is an informational change only.","notificationNeeded":false,"notificationSent":false,"sourceId":"5b16bdbc-211e-f111-939a-000d3ac5fb71"},{"cveNumber":"CVE-2026-26030","version":1,"revisionDate":"2026-03-10T07:00:00-07:00","initialDate":"0001-01-01T00:00:00Z","description":"<p>Information published.</p>\n","unformattedDescription":"Information published.","notificationNeeded":false,"notificationSent":false,"sourceId":"ffaaf083-c018-f111-93f8-000d3afbc7d7"}]}