CNNVD-202602-947 Information
CNNVD ID
CNNVD-202602-947
Related CVE
- CNNVD Published: 2026-02-06
Description (Chinese)
Microsoft Semantic Kernel是美国Microsoft公司的一个大模型编排框架。 Microsoft Semantic Kernel 1.70.0之前版本存在路径遍历漏洞,该漏洞源于SessionsPythonPlugin中存在任意文件写入漏洞。
Description (English)
Microsoft Semantic Kernel is a large modeling framework for Microsoft USA. The previous version of Microsoft Semantic Kernel 1.70.0 had a loophole in the path, which stemmed from the existence of any file writing gap in the ServicePythonPlugin.
Hazard Level
High
Vulnerability Type
路径遍历
Affected Vendor
微软
Published
2026-02-06
Last Modified
2026-02-24
References
https://github.com/microsoft/semantic-kernel/pull/13478/changes#diff-88d3cacba2bfa84eef8f2aa171b34f9940338cbb784a3ffc49f5fe3af1b8943d https://github.com/microsoft/semantic-kernel/security/advisories/GHSA-2ww3-72rp-wpp4 https://github.com/microsoft/semantic-kernel/blob/main/dotnet/samples/Demos/CodeInterpreterPlugin/Program.cs#L61-L64 https://access.redhat.com/security/cve/cve-2026-25592
Patch
https://github.com/microsoft/semantic-kernel/releases
Share on: