Agents
Microsoft 'When Prompts Become Shells': Semantic Kernel Prompt Injection Enables Host-Level RCE via eval()
Microsoft Security published research on May 7 showing how prompt injection in Semantic Kernel achieves host-level remote code execution — a single prompt launched calc.exe on the device running the AI agent with no browser exploit, attachment, or memory corruption needed. CVE-2026-26030 (Python SDK <1.39.4) builds InMemoryVectorStore filter expressions as Python lambdas executed via eval(). CVE-2026-25592 (.NET <1.71.0) lives in SessionsPythonPlugin for Azure Container Apps. Microsoft framed this as a systemic pattern across agent frameworks where tool registries become attack surfaces.
↳ Follow the thread