Bypassing the CVE-2026-25592 Patch in Microsoft Semantic Kernel

The research describes a vulnerability in Microsoft Semantic Kernel (.NET SDK v1.47.0–1.48.0) and Agent Framework 1.0 that enables remote code execution (RCE). The issue stems from an unsafe trust model in which stochastic LLM output is interpreted as executable system commands.
The vulnerability forms a chain of CWE-1039 → CWE-22 → CWE-94 and remains exploitable despite the official patch for CVE-2026-25592. Exploitation requires no privileges, can be performed remotely, and may result in overwriting the host application's source code (the “Self-Nuke” vector). The research demonstrates six independent 0-day bypasses of the implemented security mechanisms.
Vulnerabilities: CVE-2026-25592 (9.9)
Researchers: Amiteliahu, Doredry, Urioren
Vendors: Microsoft
Products: Agent Framework 1.0; Microsoft Semantic Kernel (.NET SDK v1.47.0–1.48.0)
Published: 2026-05-06, 14:21