Agents
CVE-2026-2256: Critical Shell Injection in Microsoft Agent Framework Enables Prompt Injection to Full System Takeover — Assigned VU#431821
Security researchers disclosed CVE-2026-2256 (VU#431821) in Microsoft's Agent Framework: unsanitized shell command execution allows AI-generated or external content to trigger arbitrary command execution on the underlying OS via prompt injection. The flaw stems from the framework passing user-controlled or model-generated inputs directly through its shell without sanitization, meaning a malicious tool response, retrieved document, or adversarial prompt can escalate to full system control. This arrives as Microsoft Agent Framework approaches its late-March 2026 GA — operators currently on AutoGen or Semantic Kernel should audit shell tool usage before migrating.
Source
↳ Follow the thread