Описание
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK
Impact
What kind of vulnerability is it? Who is impacted?
An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin.
Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the SessionsPythonPlugin.
Patches
Has the problem been patched? What versions should users upgrade to?
The problem has been fixed in Microsoft.SemanticKernel.Core version 1.70.0. Users should upgrade to version 1.70.0 or higher.
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
Users can create a Function Invocation Filter which checks the arguments being passed to any calls to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allow listed.
References
Are there any links users can visit to find out more?
Ссылки
- https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4
- https://nvd.nist.gov/vuln/detail/CVE-2026-25592
- https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d
- https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64
Пакеты
Microsoft.SemanticKernel.Core
< 1.70.0
1.70.0
semantic-kernel
< 1.39.3
1.39.3