CVE-2026-25592 CRITICAL

CVE-2026-25592: Semantic Kernel has an Arbitrary File Write via AI Agent Function Calling in .NET SDK

Vendor Microsoft
Product semantic-kernel
Weakness CWE-22 · Path traversal
Published February 6, 2026
Last update February 18, 2026

CVSS base score

10.0/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

Description

Semantic Kernel is an SDK used to build, orchestrate, and deploy AI agents and multi-agent systems. Prior to 1.71.0, an Arbitrary File Write vulnerability was identified in Microsoft's Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The problem has been fixed in Microsoft.SemanticKernel.Core version 1.71.0. As a mitigation, users can create a Function Invocation Filter that checks the arguments passed to any call to DownloadFileAsync or UploadFileAsync and ensures the provided localFilePath is allow-listed.
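The following is an added example of the mitigation described above, not code from Microsoft or the Semantic Kernel project: a Function Invocation Filter that rejects DownloadFileAsync/UploadFileAsync calls whose localFilePath resolves outside one allow-listed directory. It assumes the Semantic Kernel IFunctionInvocationFilter API and that the plugin exposes the parameter under the name localFilePath as stated in the advisory; the function-name matching (with and without the Async suffix) is likewise an assumption.

```csharp
using System;
using System.IO;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.SemanticKernel;

// Blocks file transfers whose local path escapes the allow-listed root.
// Assumption: Semantic Kernel may strip "Async" when it registers plugin
// methods, so both spellings are matched.
public sealed class LocalPathAllowListFilter : IFunctionInvocationFilter
{
    private static readonly string[] GuardedFunctions =
        { "DownloadFile", "UploadFile", "DownloadFileAsync", "UploadFileAsync" };

    private readonly string _allowedRoot;

    public LocalPathAllowListFilter(string allowedRoot)
    {
        // Canonicalize once and keep a trailing separator so that
        // "/data/agent-files-evil" is not accepted as a child of "/data/agent-files".
        _allowedRoot = Path.GetFullPath(allowedRoot)
            .TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
            + Path.DirectorySeparatorChar;
    }

    public async Task OnFunctionInvocationAsync(
        FunctionInvocationContext context, Func<FunctionInvocationContext, Task> next)
    {
        if (GuardedFunctions.Contains(context.Function.Name) &&
            context.Arguments.TryGetValue("localFilePath", out var raw) &&
            raw is string localFilePath && !string.IsNullOrEmpty(localFilePath) &&
            !IsAllowed(localFilePath))
        {
            // Fail closed: the model-supplied path never reaches the plugin.
            throw new KernelException(
                $"Blocked {context.Function.Name}: localFilePath '{localFilePath}' is outside the allow-listed directory.");
        }

        await next(context);
    }

    // Resolve relative segments such as ".." against the root, then require
    // the result to remain under the root. Symlinks inside the root are not
    // followed here; resolve them separately if the root may contain any.
    public bool IsAllowed(string localFilePath)
    {
        var full = Path.GetFullPath(localFilePath, _allowedRoot);
        return full.StartsWith(_allowedRoot, StringComparison.Ordinal);
    }
}

// Registration on an existing kernel (the directory name is a placeholder):
// kernel.FunctionInvocationFilters.Add(new LocalPathAllowListFilter("/data/agent-files"));
```

Upgrading to Microsoft.SemanticKernel.Core 1.71.0 remains the primary fix; the filter is the interim control the advisory describes for deployments that cannot upgrade immediately.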

Key dates

Disclosure timeline

February 6, 2026 CVE published
February 18, 2026 Record updated