CVE-2026-26030
Published: 19 February 2026
Summary
CVE-2026-26030 is a critical-severity Code Injection (CWE-94) vulnerability in Microsoft Semantic Kernel. Its CVSS base score is 9.9 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 27.7th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 CM-7 (Least Functionality) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- SI-2 (Flaw Remediation): directly requires timely remediation of identified flaws, here by upgrading the vulnerable Semantic Kernel Python SDK to version 1.39.4 or higher to eliminate the RCE vulnerability.
- CM-7 (Least Functionality): enables restriction or prohibition of the vulnerable `InMemoryVectorStore` filter functionality in production, matching the vendor's workaround to prevent exploitation.
- Supports scanning for and identifying the presence of vulnerable Semantic Kernel Python SDK versions to enable proactive flaw remediation.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Remote code execution via code injection in the Python SDK enables exploitation of public-facing applications (T1190), execution through the Python interpreter (T1059.006), and escalation from the attacker's low privileges to full system compromise (T1068).
NVD Description
Semantic Kernel, Microsoft's semantic kernel Python SDK, has a remote code execution vulnerability in versions prior to 1.39.4, specifically within the `InMemoryVectorStore` filter functionality. The problem has been fixed in version `python-1.39.4`. Users should upgrade to this version or higher. As a workaround, avoid using `InMemoryVectorStore` for production scenarios.
Deeper analysis
CVE-2026-26030 is a remote code execution vulnerability (CWE-94: Code Injection) affecting Microsoft's Semantic Kernel Python SDK in versions prior to 1.39.4. The flaw resides specifically in the `InMemoryVectorStore` filter functionality, allowing arbitrary code execution. The vulnerability was published on 2026-02-19 and carries a CVSS v3.1 base score of 9.9, reflecting its critical severity.
An attacker with low privileges (PR:L) can exploit this over the network (AV:N) with low complexity (AC:L) and no user interaction (UI:N). Successful exploitation leads to high impacts on confidentiality, integrity, and availability (C:H/I:H/A:H), with a changed scope (S:C), enabling full system compromise on affected deployments.
Mitigation is available via upgrade to version python-1.39.4 or higher, as detailed in the GitHub security advisory (GHSA-xjw9-4gw8-4rqx), release notes, and associated pull request. As a workaround, avoid using `InMemoryVectorStore` in production scenarios.
Details
- CWE(s)