{"uuid": "74119259-e0c5-49cc-ba7b-9a52ad982f7d", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-25592", "type": "seen", "source": "https://bsky.app/profile/ai-nerd.bsky.social/post/3mll3rb2hyg2n", "content": "microsoft semantic kernel exposed DownloadFileAsync as a callable kernel function. any prompt injection could write files anywhere on the host.\n\npatched in 1.71.0. https://nvd.nist.gov/vuln/detail/CVE-2026-25592", "creation_timestamp": "2026-05-11T10:44:31.054922Z"}