GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable — CVE-2026-26030

Summary

Advisory CVE-2026-26030. GitHub: CVE-2026-26030 Microsoft Semantic Kernel InMemoryVectorStore filter functionality vulnerable Vendor: Microsoft. Source: MSRC. Threat: critical. CVSS 9.9. See the official advisory for details.

What to do

General, cautious steps (verify details in the official source):

• Prioritize patching or mitigation immediately (treat as actively risky).
• Identify affected product versions in your inventory and verify whether you are impacted.
• Apply vendor patches/updates or recommended mitigations as soon as available.
• Read the official advisory for exact affected versions and remediation steps.

Official advisory

Read the official source

Related advisories

• Microsoft Devices Pricing Program Remote Code Execution Vulnerability CVE-2026-21536
• <vuln:Note Title="Mariner" Type="Tag" Ordinal="20">Mariner CVE-2026-3904
• use after free in SMB connection reuse CVE-2026-3805
• bad reuse of HTTP Negotiate connection CVE-2026-1965
• token leak with redirect and netrc CVE-2026-3783
• wrong proxy connection reuse with credentials CVE-2026-3784
• Microsoft Edge (Chromium-based) for Android Spoofing Vulnerability CVE-2026-0385
• Windows App Installer Spoofing Vulnerability CVE-2026-23656
• M365 Copilot Information Disclosure Vulnerability CVE-2026-26133
• .NET Denial of Service Vulnerability CVE-2026-26127
• .NET Elevation of Privilege Vulnerability CVE-2026-26131
• Arc Enabled Servers - Azure Connected Machine Agent Elevation of Privilege Vulnerability CVE-2026-26117