#agent-security

2 articles exploring agent-security. Expert insights and analysis from our editorial team.

Security

Microsoft Semantic Kernel Patches Two RCE Paths: eval() in Vector Filter, DownloadFileAsync Escape to Host

Microsoft discloses two CVSS 9.9 Semantic Kernel RCE bugs that stem from tool-design flaws. The trust boundary is each annotated tool method, and all agent frameworks need auditing.

Security

Flowise's CVE-2026-41264 Turns an LLM-Written Import Into RCE, Breaking the Regex-Gated Sandbox

CVE-2026-41264 (CVSS 9.8) (see also agent-writable execution fields) shows how a regex import allowlist in Flowise's CSV Agent fails when the LLM writes the code: aliasing os as pandas bypasses the filter and reaches.