Share
## https://sploitus.com/exploit?id=CA5BC12A-765B-5101-9555-4813FD4E179C
# Microsoft Semantic Kernel B[Passed to VectorStore query/filter]
B --> C[InMemoryVectorStore evaluates filter expression unsafely]
C --> D[Unsafe attribute resolution via __class__ / __base__ / __subclasses__]
D --> E[Access to __init__.__globals__ containing os and __builtins__]
E --> F[Arbitrary code execution e.g. os.system]
F --> G[Remote Code Execution in application context]
style G fill:#ff6666,stroke:#333,stroke-width:2px
```
## Exploit Details
- **CVE**: CVE-2026-26030
- **Date**: 2026-02-24
- **Exploit Author**: Mohammed Idrees Banyamer
- **Country**: Jordan
- **Instagram**: @banyamer_security
- **GitHub**: [mbanyamer](https://github.com/mbanyamer)
- **Vendor Homepage**: https://github.com/microsoft/semantic-kernel
- **Package**: https://pypi.org/project/semantic-kernel/
- **Affected versions**: semantic-kernel = 1.39.4**
Applications using `InMemoryVectorStore` should:
- Never pass untrusted/user-controlled strings into filter expressions
- Apply strict input validation / sanitization if filters must be dynamic
- Consider safer / more restricted vector store implementations
## License
MIT License
Copyright ยฉ 2026 Mohammed Idrees Banyamer