https://vulnerability.circl.lu/sightings/feed 2026-06-05T13:16:45.378475+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/3f905d2c-a62d-45b9-825c-8f7aa785fcee/export 2026-06-05T13:16:45.440014+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "3f905d2c-a62d-45b9-825c-8f7aa785fcee", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26034", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mgc4yx237v2v", "content": "", "creation_timestamp": "2026-03-05T06:06:47.172913Z"} 2026-03-05T06:06:47.172913+00:00 https://vulnerability.circl.lu/sighting/bf4e2150-ae07-4a5a-a293-70128eee4bda/export 2026-06-05T13:16:45.439914+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "bf4e2150-ae07-4a5a-a293-70128eee4bda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26033", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mgc5j6gwfy2v", "content": "", "creation_timestamp": "2026-03-05T06:15:51.952494Z"} 2026-03-05T06:15:51.952494+00:00 https://vulnerability.circl.lu/sighting/ff36bd1b-b0e1-425b-ae9d-d6eec78a78f1/export 2026-06-05T13:16:45.439806+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ff36bd1b-b0e1-425b-ae9d-d6eec78a78f1", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26030", "type": "seen", "source": "https://www.thezdi.com/blog/2026/3/10/the-march-2026-security-update-review", "content": "", "creation_timestamp": "2026-03-10T16:57:37.000000Z"} 2026-03-10T16:57:37+00:00 https://vulnerability.circl.lu/sighting/8bf330f8-9244-4af0-b142-46df6c9a3312/export 2026-06-05T13:16:45.439641+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "8bf330f8-9244-4af0-b142-46df6c9a3312", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-26030", "type": "seen", "source": "https://isc.sans.edu/diary/Microsoft+Patch+Tuesday+March+2026/32782", "content": "", "creation_timestamp": "2026-03-11T03:00:16.000000Z"} 2026-03-11T03:00:16+00:00 https://vulnerability.circl.lu/sighting/dd3d91af-6383-48ac-8aa8-51963842ebb3/export 2026-06-05T13:16:45.438226+00:00 Joseph Lee https://vulnerability.circl.lu/user/syspect {"uuid": "dd3d91af-6383-48ac-8aa8-51963842ebb3", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "86ecb4e1-bb32-44d5-9f39-8a4673af8385", "vulnerability": "CVE-2026-26030", "type": "seen", "source": "https://isc.sans.edu/diary/rss/32782", "content": "", "creation_timestamp": "2026-03-11T03:00:20.000000Z"} 2026-03-11T03:00:20+00:00 https://vulnerability.circl.lu/sighting/346a6591-41e5-4ae8-a48b-11acddf50793/export 2026-06-05T13:16:45.438144+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "346a6591-41e5-4ae8-a48b-11acddf50793", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-2603", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mhchtmnsgb2c", "content": "", "creation_timestamp": "2026-03-18T02:45:52.263093Z"} 2026-03-18T02:45:52.263093+00:00 https://vulnerability.circl.lu/sighting/d7c3e02e-6ff2-4445-babc-743b6caca8c6/export 2026-06-05T13:16:45.438053+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d7c3e02e-6ff2-4445-babc-743b6caca8c6", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26030", "type": "seen", "source": "https://swecyb.com/ap/users/116080658609901341/statuses/116535698755654805", "content": "(microsoft.com) Critical Vulnerabilities in Microsoft Semantic Kernel: From Prompt Injection to Remote Code Execution\nCritical vulnerabilities in Microsoft Semantic Kernel (CVE-2026-25592, CVE-2026-26030) enable prompt injection to escalate to host-level RCE or arbitrary file writes, exposing systemic risks in AI agent frameworks.\nIn brief - Two CVEs in Microsoft Semantic Kernel demonstrate how prompt injection can bypass security boundaries, leading to RCE or file writes. Patched via responsible disclosure, but highlights urgent need for secure AI agent architectures.\nTechnically - CVE-2026-26030 exploits unsafe string interpolation in the In-Memory Vector Store\u2019s filter functionality, allowing `eval()`-based RCE via crafted prompts. CVE-2026-25592 abuses exposed `DownloadFileAsync` in the .NET SDK to write files to arbitrary locations, including Startup folders. Exploit chains involve AST traversal and sandbox escape. Mitigations: upgrade, AST allowlists, and tool exposure restrictions. Detection queries provided for post-exploitation activity.\nSource: https://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/\n#Cybersecurity #ThreatIntel", "creation_timestamp": "2026-05-07T22:42:34.934741Z"} 2026-05-07T22:42:34.934741+00:00 https://vulnerability.circl.lu/sighting/b42d48b3-c109-40c1-a6a9-1babe0768ebd/export 2026-06-05T13:16:45.437929+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "b42d48b3-c109-40c1-a6a9-1babe0768ebd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26030", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mmvjwkyd662s", "content": "Microsoft \u304c\u81ea\u5206\u3067\u66f8\u3044\u305f\u2014\u2014\u300cWhen prompts become shells\u300d\u3002\n\nSemantic Kernel \u306b prompt injection \u2192 RCE \u304c2\u672c\u3002CVE-2026-25592(.NET)\u3001CVE-2026-26030(Python)\u3002Copilot \u306e\u88cf\u3067\u52d5\u304fAI\u30d5\u30ec\u30fc\u30e0\u30ef\u30fc\u30af\u3060\u3002\u26a0\ufe0f\n\nhttps://www.microsoft.com/en-us/security/blog/2026/05/07/prompts-become-shells-rce-vulnerabilities-ai-agent-frameworks/", "creation_timestamp": "2026-05-28T07:49:51.162527Z"} 2026-05-28T07:49:51.162527+00:00 https://vulnerability.circl.lu/sighting/74fe9059-d09f-42d7-9340-26a312e3e275/export 2026-06-05T13:16:45.437755+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "74fe9059-d09f-42d7-9340-26a312e3e275", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26030", "type": "seen", "source": "https://bsky.app/profile/mel-echosphere.bsky.social/post/3mmvjwll2642x", "content": "2\u672c\u306e\u6bba\u3057\u65b9\u3002\n\nPython\uff08CVE-2026-26030\uff09\uff1a\u30d9\u30af\u30c8\u30eb\u691c\u7d22\u306e\u30d5\u30a3\u30eb\u30bf\u30fc\u5024\u304c eval() \u306b\u6e21\u3063\u3066\u305f\u3002\u30d7\u30ed\u30f3\u30d7\u30c81\u672c\u3067 calc.exe \u8d77\u52d5\u30022026\u5e74\u306b eval() injection\u2014\u2014\u5197\u8ac7\u304b\u3088\u3002\ud83d\udc8e\n\n.NET\uff08CVE-2026-25592\uff09\uff1a\u30d5\u30a1\u30a4\u30ebDL\u95a2\u6570\u306b [KernelFunction] \u5c5e\u6027\u304c\u3064\u3044\u3066\u3066 LLM \u304b\u3089\u76f4\u63a5\u547c\u3079\u305f\u3002\u30d1\u30b9\u691c\u8a3c\u30bc\u30ed\u3002Startup \u30d5\u30a9\u30eb\u30c0\u306b payload \u66f8\u304d\u8fbc\u307f \u2192 \u6b21\u306e\u30ed\u30b0\u30a4\u30f3\u3067 RCE \u5b8c\u8d70\u3002\ud83d\udd4a\ufe0f\n\n\u5c5e\u6027\u30bf\u30b01\u500b\u306e\u4ed8\u3051\u9593\u9055\u3044\u3067\u3001\u30db\u30b9\u30c8\u307e\u3067\u8cab\u901a\u3057\u3066\u305f\u3002", "creation_timestamp": "2026-05-28T07:49:51.704385Z"} 2026-05-28T07:49:51.704385+00:00 https://vulnerability.circl.lu/sighting/e8c42c79-9b54-4b0c-984d-b851389d53ca/export 2026-06-05T13:16:45.434469+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "e8c42c79-9b54-4b0c-984d-b851389d53ca", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-26030", "type": "seen", "source": "https://bsky.app/profile/pmloik.bsky.social/post/3mmxikgplyz2a", "content": "Top 3 CVE for last 7 days:\nCVE-2026-69: 19 interactions\nCVE-2026-26980: 17 interactions\nCVE-2026-46333: 17 interactions\n\n\nTop 3 CVE for yesterday:\nCVE-2026-35616: 10 interactions\nCVE-2026-25592: 7 interactions\nCVE-2026-26030: 7 interactions\n", "creation_timestamp": "2026-05-29T02:30:30.109482Z"} 2026-05-29T02:30:30.109482+00:00