Semantic Kernel has an Arbitrary File Write via AI Agent...

10 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Description

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.70.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync  or UploadFileAsync and ensures the provided localFilePath is allow listed.

AI Analysis

Arbitrary File Write vulnerability in Microsoft's Semantic Kernel .NET SDK

Basic Information

ID CVE-2026-25592

Source GitHub_M

Published Feb 6, 2026 at 20:38

Affected Product

Vendor microsoft

Product semantic-kernel

Version < 1.70.0

Affected Versions microsoft semantic-kernel < 1.70.0

CWE Classification

CWE-22

AI Assessment

AI Score 10 / 10

AI Severity Critical

Vendor Microsoft

Product Semantic Kernel

Version < 1.70.0

References

{
    "lastseen": "",
    "description": "Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.70.0, an Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel\u202f.NET SDK, specifically within the\u202fSessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.70.0. As a mitigation, users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync\u202f or UploadFileAsync and ensures the provided localFilePath is allow listed.",
    "published": "2026-02-06T20:38:28.770Z",
    "modified": "2026-02-06T20:38:28.770Z",
    "type": "cve",
    "title": "Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK",
    "source": "GitHub_M",
    "references": "https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4\nhttps://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d\nhttps://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64",
    "id": "CVE-2026-25592",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "microsoft semantic-kernel < 1.70.0",
    "sourceHref": "",
    "cvss": {
        "score": 10,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "semantic-kernel",
    "version": "< 1.70.0",
    "vendor": "microsoft",
    "ai_description": "Arbitrary File Write vulnerability in Microsoft's Semantic Kernel .NET SDK",
    "ai_severity": "Critical",
    "ai_vendor": "Microsoft",
    "ai_product": "Semantic Kernel",
    "ai_version": "< 1.70.0",
    "ai_score": 10
}

Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK_CVE-2026-25592