CVE-2026-25592

CRITICAL

Microsoft.SemanticKernel.Core < 1.71.0 - Arbitrary File Write via SessionsPythonPlugin

Title source: llm

Description

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allowlisted.
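The following is an added example of the mitigation described above, written for this page; it is not code from the advisory or from the Semantic Kernel project. It implements a Semantic Kernel .NET `IFunctionInvocationFilter` that rejects any `localFilePath` argument resolving outside a configured directory before the plugin function runs. The kernel function names `UploadFile` and `DownloadFile` are assumptions (Semantic Kernel derives function names from the `UploadFileAsync` / `DownloadFileAsync` method names by dropping the `Async` suffix), and the allowed root directory is a constructed example value.

```csharp
// Added example, not from the advisory or the Semantic Kernel project.
// Requires the Microsoft.SemanticKernel package (any version exposing IFunctionInvocationFilter).
using System;
using System.Collections.Generic;
using System.IO;
using System.Threading.Tasks;
using Microsoft.SemanticKernel;

/// <summary>
/// Blocks SessionsPythonPlugin file transfers whose localFilePath escapes an allowlisted directory.
/// Upgrading to Microsoft.SemanticKernel.Core 1.71.0 is the real fix; this filter is the
/// interim mitigation the advisory describes.
/// </summary>
public sealed class LocalFilePathAllowlistFilter : IFunctionInvocationFilter
{
    // ASSUMPTION: kernel function names derived from UploadFileAsync / DownloadFileAsync.
    private static readonly HashSet<string> GuardedFunctions =
        new(StringComparer.OrdinalIgnoreCase) { "UploadFile", "DownloadFile" };

    private readonly string _allowedRoot;

    public LocalFilePathAllowlistFilter(string allowedRoot)
    {
        // Canonicalise once so that the later prefix comparison works on absolute, normalised paths.
        _allowedRoot = Path.TrimEndingDirectorySeparator(Path.GetFullPath(allowedRoot));
    }

    public async Task OnFunctionInvocationAsync(
        FunctionInvocationContext context,
        Func<FunctionInvocationContext, Task> next)
    {
        if (GuardedFunctions.Contains(context.Function.Name)
            && context.Arguments.TryGetValue("localFilePath", out object? value)
            && value is string localFilePath
            && !IsInsideAllowedRoot(localFilePath))
        {
            // Fail closed: the plugin never sees the argument, so no file is written or read.
            throw new KernelException(
                $"Blocked {context.Function.PluginName}.{context.Function.Name}: " +
                $"localFilePath '{localFilePath}' is outside the allowlisted directory.");
        }

        await next(context);
    }

    /// <summary>
    /// True only if the candidate path, after full normalisation (which resolves "..", "." and
    /// redundant separators), lies strictly below the allowed root.
    /// </summary>
    public bool IsInsideAllowedRoot(string candidate)
    {
        string full = Path.GetFullPath(candidate);
        string prefix = _allowedRoot + Path.DirectorySeparatorChar;

        // Windows file systems are case-insensitive; compare accordingly there.
        var comparison = OperatingSystem.IsWindows()
            ? StringComparison.OrdinalIgnoreCase
            : StringComparison.Ordinal;

        return full.StartsWith(prefix, comparison);
    }
}

public static class FilterRegistrationExample
{
    public static Kernel BuildKernel()
    {
        Kernel kernel = Kernel.CreateBuilder().Build();

        // Constructed example directory; use the directory your deployment actually owns.
        kernel.FunctionInvocationFilters.Add(new LocalFilePathAllowlistFilter("/srv/agent-files"));
        return kernel;
    }
}
```

The check deliberately normalises with `Path.GetFullPath` before comparing, so a relative path containing `..` segments is resolved against the current directory and then rejected if it lands outside the root; comparing raw strings for a `..` substring would miss other ways of expressing the same location. The filter lets a missing or null `localFilePath` through unchanged, since the advisory only concerns the value that is provided.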

Scores

CVSS v3 9.9
EPSS 0.0195
EPSS Percentile 77.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable no
Technical Impact total

Details

CWE
CWE-22
Status published
Products (2)
nuget/Microsoft.SemanticKernel.Core 0 - 1.70.0 (NuGet)
pypi/semantic-kernel 0 - 1.39.3 (PyPI)
Published Feb 06, 2026
Tracked Since Feb 18, 2026