CVE- 2026-25592 is described as a critical vulnerability in Microsoft's Semantic Kernel .NET SDK, with a CVSS 10.0, that could allow an AI agent to overwrite files on the host system. The flaw lies in the SessionsPythonPlugin, where the DownloadFileAsync and UploadFileAsync functions fail to properly validate file paths, meaning a malicious actor or even a misguided AI could direct the agent to write a file anywhere on the server.
According to the advisory, an Arbitrary File Write vulnerability has been identified in Microsoft’s Semantic Kernel .NET SDK, specifically within the SessionsPythonPlugin. The issue affects developers using the Semantic Kernel .NET SDK who have enabled the SessionsPythonPlugin, and Microsoft has fixed the vulnerability in Microsoft.SemanticKernel[.]Core version 1.70.0, with a recommendation to upgrade immediately.
As a temporary workaround for those unable to upgrade, the advisory suggests implementing a Function Invocation Filter to whitelistsafe localFilePath arguments passed to DownloadFileAsync or UploadFileAsync.