
Microsoft.SemanticKernel Vulnerability in Telerik Reporting AI Packages

Environment

Product: Progress® Telerik® Reporting
Version: Prior to 20.0.26.211

Description

Microsoft has published an Arbitrary File Write vulnerability in the Semantic Kernel .NET SDK (Microsoft.SemanticKernel.Core).

If your application uses Telerik Reporting AI packages that depend on Telerik.Reporting.AI.RAG, the vulnerable Microsoft.SemanticKernel.Core package can be brought in transitively.

The impacted packages are:

  • Telerik.Reporting.AI.Microsoft.Extensions.Abstractions
  • Telerik.Reporting.AI.Microsoft.Extensions.AzureAIInference
  • Telerik.Reporting.AI.Microsoft.Extensions.AzureOpenAI
  • Telerik.Reporting.AI.Microsoft.Extensions.Ollama
  • Telerik.Reporting.AI.Microsoft.Extensions.OpenAI
  • Telerik.Reporting.AI.RAG

Visual Studio may display the warning “This solution contains packages with vulnerabilities” when the vulnerable dependency is present.

Solution

Upgrade the Telerik Reporting AI packages to version 20.0.26.211 or later. This updates the transitive dependency chain and removes the vulnerable Microsoft.SemanticKernel.Core version.
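
To confirm whether a restored project is exposed through the transitive chain described above, the following added example (not Telerik or Microsoft code) walks the dependency graph in NuGet's obj/project.assets.json and reports every impacted package older than 20.0.26.211 that reaches Microsoft.SemanticKernel.Core. The function names and the sample versions (20.0.26.100, 1.0.0) are constructed for illustration.

```python
import json, sys
FIXED = (20, 0, 26, 211)                 # first fixed version per the advisory
VULN_DEP = "microsoft.semantickernel.core"
IMPACTED = {"telerik.reporting.ai." + s for s in (   # ids listed in the advisory
    "microsoft.extensions.abstractions", "microsoft.extensions.azureaiinference",
    "microsoft.extensions.azureopenai", "microsoft.extensions.ollama",
    "microsoft.extensions.openai", "rag")}
# Constructed sample shaped like obj/project.assets.json; versions are placeholders.
SAMPLE = {"targets": {"net8.0": {
    "Telerik.Reporting.AI.Microsoft.Extensions.OpenAI/20.0.26.100":
        {"dependencies": {"Telerik.Reporting.AI.RAG": "20.0.26.100"}},
    "Telerik.Reporting.AI.RAG/20.0.26.100":
        {"dependencies": {"Microsoft.SemanticKernel.Core": "1.0.0"}},
    "Microsoft.SemanticKernel.Core/1.0.0": {}}}}

def parse_version(text):
    """Numeric tuple for a NuGet version, ignoring prerelease/build suffixes."""
    return tuple(int(p) for p in text.split("-")[0].split("+")[0].split("."))

def path_to(graph, start, goal):
    """Depth-first search for a dependency path; 'seen' guards against cycles."""
    stack, seen = [[start]], set()
    while stack:
        path = stack.pop()
        if path[-1] == goal:
            return path
        if path[-1] not in seen and path[-1] in graph:
            seen.add(path[-1])
            stack.extend(path + [dep] for dep in graph[path[-1]][1])
    return None

def find_exposed(assets):
    """Map target framework -> [(package, version, path to VULN_DEP)]."""
    findings = {}
    for target, libs in assets.get("targets", {}).items():
        graph = {}                       # lowercase id -> (version, [dependency ids])
        for key, info in libs.items():
            name, _, version = key.partition("/")
            graph[name.lower()] = (version, [d.lower() for d in info.get("dependencies", {})])
        for name in sorted(IMPACTED & graph.keys()):
            path = path_to(graph, name, VULN_DEP)
            if path and parse_version(graph[name][0]) < FIXED:
                findings.setdefault(target, []).append((name, graph[name][0], path))
    return findings

if __name__ == "__main__":               # pass a path to obj/project.assets.json
    data = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE
    for target, hits in find_exposed(data).items():
        for name, version, path in hits:
            print(f"{target}: {name} {version} via {' > '.join(path)}")
```

The .NET SDK's `dotnet list package --vulnerable --include-transitive` reports vulnerable transitive packages from NuGet's advisory data and is a useful cross-check after upgrading.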
