When prompts become shells: the tool registry is the attack surface
On May 7, 2026, Microsoft published "When Prompts Become Shells: RCE vulnerabilities in AI agent frameworks" — a retrospective on two Critical (9.9) CVEs in Semantic Kernel that landed in February and were patched within days. The CVEs are bad. The framing is worse — and worth reading carefully. eva
Original source: via Dev.to