Skills
Microsoft Discloses 'Prompts Become Shells' — Two Semantic Kernel CVEs Chain Prompt Injection Into Host-Level RCE via eval() and Unsandboxed File Writes
Microsoft Security published a deep-dive on CVE-2026-26030 (Python eval() in vector store filters) and CVE-2026-25592 (.NET sandbox escape via DownloadFileAsync). The attack chain turns prompt injection into host-level code execution — calc.exe launched from a single prompt. Semantic Kernel Python < 1.39.4 and .NET < 1.71.0 affected; patches remove AI model access to dangerous functions. Microsoft's key principle: 'Any tool parameter the model can influence must be treated as attacker-controlled input.'
↳ Follow the thread