CVE-2026-26030

Microsoft · Semantic Kernel Python SDK

A remote code execution vulnerability exists in Microsoft’s Semantic Kernel Python SDK due to improper filtering in the `InMemoryVectorStore` component. Attackers can execute arbitrary code.

Executive summary

A critical remote code execution vulnerability in Microsoft's Semantic Kernel Python SDK allows unauthenticated attackers to compromise systems that use the InMemoryVectorStore functionality.

Vulnerability

This flaw is a remote code execution (RCE) vulnerability located within the InMemoryVectorStore filter functionality. An unauthenticated attacker can exploit this filter logic to execute arbitrary commands within the context of the application using the SDK.

Business impact

A successful exploit allows for full system compromise, potentially leading to the theft of sensitive AI models, data exfiltration, or lateral movement within the corporate network. With a CVSS score of 9.9, this vulnerability represents a near-maximum technical risk, as it requires no user interaction and provides high-impact execution capabilities.

Remediation

Immediate Action: Update the Semantic Kernel Python SDK to version 1.39.4 or higher to patch the vulnerable filter logic.

Proactive Monitoring: Review application logs for unusual filter queries or unexpected process executions originating from the Python environment.

Compensating Controls: As an immediate workaround, organizations should avoid using the InMemoryVectorStore component in production environments until the patch is applied.
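To support the update step above, here is an added example (not code from the advisory or from the Semantic Kernel project) of a small Python audit that flags requirement pins and installed copies of the SDK that predate the fixed release. It assumes the PyPI distribution is named `semantic-kernel` and takes the 1.39.4 threshold from the remediation section.

```python
import re
from importlib import metadata

# Assumption: the PyPI distribution is named "semantic-kernel" (import name semantic_kernel).
# The fixed release 1.39.4 is the one named in the advisory's remediation section.
PACKAGE = "semantic-kernel"
FIXED_VERSION = "1.39.4"

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+)*)(.*)$")
_PRERELEASE_RE = re.compile(r"^[.\-_]?(a|b|c|rc|alpha|beta|pre|dev)", re.I)
_REQ_RE = re.compile(
    r"^semantic[-_]kernel(?![\w\-])\s*(?:\[[^\]]*\])?\s*(===|==|>=|~=)?\s*([\w.+\-]+)?", re.I)


def version_key(version):
    """PEP 440-style key: release tuple padded to 3 parts, then 0 for pre-release, 1 for final."""
    m = _VERSION_RE.match(version.strip())
    if not m:
        raise ValueError(f"unparseable version: {version!r}")
    release = tuple(int(p) for p in m.group(1).split("."))
    release += (0,) * (3 - len(release))  # "1.39" sorts like "1.39.0"
    return release, 0 if _PRERELEASE_RE.match(m.group(2)) else 1


def is_vulnerable(version):
    """True when the version predates the first fixed release (pre-releases of 1.39.4 included)."""
    return version_key(version) < version_key(FIXED_VERSION)


def audit_requirements(text):
    """Return (line, finding) pairs for requirement lines that can resolve to an unpatched version.
    ==/=== pins are checked exactly; >= and ~= are judged by their lower bound, so a range that
    merely allows an unpatched version is reported too; an unpinned entry is always reported."""
    findings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        m = _REQ_RE.match(line)
        if not m:
            continue
        op, ver = m.group(1), m.group(2)
        if not op or not ver:
            findings.append((line, f"unpinned: cannot guarantee >= {FIXED_VERSION}"))
        elif is_vulnerable(ver):
            findings.append((line, f"allows unpatched version {ver} (< {FIXED_VERSION})"))
    return findings


def installed_version_is_vulnerable():
    """Check the running interpreter's environment; None means the package is not installed."""
    try:
        return is_vulnerable(metadata.version(PACKAGE))
    except metadata.PackageNotFoundError:
        return None
```

Run `audit_requirements` over each requirements or constraints file in a repository and `installed_version_is_vulnerable()` inside the deployed environment; anything reported should be pinned to 1.39.4 or higher before the InMemoryVectorStore component is used again.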

Exploitation status

Public Exploit Available: No

Analyst recommendation

The severity of this RCE vulnerability cannot be overstated, particularly for organizations integrating AI capabilities into their workflows. It is strongly recommended that development teams prioritize the update to version 1.39.4 to eliminate the risk of remote compromise.