
Semantic Kernel Agent RCE Vulnerabilities Guide 2026: When Prompt Injection Becomes Code Execution
If you’re building AI agents with Microsoft’s Semantic Kernel, stop and check your version right now. Two critical vulnerabilities — CVE-2026-26030 (CVSS 9.9) and CVE-2026-25592 (CVSS 9.9) — turn prompt injection from a content-quality annoyance into a full host compromise primitive. I’ve spent the last few weeks digging into both exploits, and the implications go far beyond Semantic Kernel itself. Here’s the uncomfortable truth: AI models are not security boundaries. Every parameter an LLM can influence when calling a tool is attacker-controlled input. If your framework passes that input to eval(), a file write function, or a shell command without validation, you’ve built a remote code execution vector that only needs a cleverly crafted prompt to trigger. ...