Human
Machine
REPRO-2026-00099 CRITICAL RCE
Verified
Semantic Kernel: RCE via InMemoryVectorStore Filter
semantic-kernel (pip) Feb 19, 2026
What's the vulnerability?
An RCE vulnerability has been identified in Microsoft Semantic Kernel Python SDK, specifically within the InMemoryVectorStore filter functionality.
Root Cause Analysis
One Command
Verify with pruva-verify
Run the Pruva CLI to automatically fetch and execute the reproduction script.
pruva-verify REPRO-2026-00099 or
pruva-verify GHSA-xjw9-4gw8-4rqx or
pruva-verify CVE-2026-26030 Install:
curl -fsSL https://pruva.dev/install.sh | sh Or Run Manually
1
Download the script
curl -O https://pruva.dev/api/v1/reproductions/REPRO-2026-00099/artifacts/repro/reproduction_steps.sh 2
Make executable
chmod +x reproduction_steps.sh 3
Run the script
./reproduction_steps.sh Run in a VM, container, or disposable environment. This exploits a real vulnerability.
How Pruva Reproduced This
Watch the AI agent's step-by-step process.
Loading session...