CVE-2026-25592
Semantic Kernel has Arbitrary File Write via AI Agent Function Calling in .NET SDK
描述
### Impact _What kind of vulnerability is it? Who is impacted?_ An Arbitrary File Write vulnerability has been identified in Microsoft's Semantic Kernel .NET SDK, specifically within the `SessionsPythonPlugin`. Developers who have built applications which include Microsoft's Semantic Kernel .NET SDK and are using the `SessionsPythonPlugin` ### Patches _Has the problem been patched? What versions should users upgrade to?_ The problem has been fixed in [Microsoft.SemanticKernel.Plugins.Core version 1.71.0](https://www.nuget.org/packages/Microsoft.SemanticKernel.Plugins.Core/1.71.0). Users should upgrade to version 1.71.0 or higher. ### Workarounds _Is there a way for users to fix or remediate the vulnerability without upgrading?_ Users can create a [Function Invocation Filter](https://learn.microsoft.com/en-us/semantic-kernel/concepts/enterprise-readiness/filters?pivots=programming-language-csharp#function-invocation-filter) which checks the arguments being passed to any calls to `DownloadFileAsync ` or `UploadFileAsync` and ensures the provided `localFilePath` is allow listed. ### References _Are there any links users can visit to find out more?_ - [Sample showing safe use of the CodeInterpreterPlugin](https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64) - [PR to Add file upload security controls to SessionsPythonPlugin](https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d)
如何修補 CVE-2026-25592
要修補 CVE-2026-25592,請將受影響套件升級到下列已修補版本。
- —升級至 1.71.0 或更新版本
- —升級至 1.39.3 或更新版本
CVE-2026-25592 正在被利用嗎?
低 — EPSS 為 0.1%,目前沒有觀察到大規模利用活動。
受影響套件(2)
- from 0, < 1.71.0