AI Component

Agent

AI agent frameworks (AutoGPT, CrewAI, LangGraph, etc.) orchestrate LLM-powered autonomous actions. Their tool-use capabilities create unique attack surfaces not present in simple chat interfaces.

293

Total CVEs

Pages

Page 1 of 15

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	CVE-2026-27795	LangChain: SSRF allows internal network access		4.1
CRITICAL	CVE-2026-27966	langflow: Code Injection enables RCE	langflow	9.8
HIGH	CVE-2026-25750	langsmith: security flaw enables exploitation	langsmith	8.1
CRITICAL	CVE-2026-28451	OpenClaw: SSRF via Feishu extension exposes internal services	openclaw	9.3
CRITICAL	CVE-2026-30741	OpenClaw: RCE via request-side prompt injection	openclaw	9.8
CRITICAL	CVE-2026-25960	vllm: SSRF allows internal network access	vllm	9.8
CRITICAL	CVE-2026-33017	langflow: Code Injection enables RCE	langflow	9.8
HIGH	CVE-2026-33053	langflow: IDOR enables unauthorized data access	langflow	8.8
MEDIUM	CVE-2026-27167	gradio: Weak Credentials allow account compromise	gradio	5.9
HIGH	CVE-2026-30820	Flowise: header spoof auth bypass exposes admin API & creds	flowise	8.8
UNKNOWN	CVE-2026-30822	Flowise: mass assignment allows unauthenticated DB injection	flowise	-
UNKNOWN	CVE-2026-30823	Flowise: IDOR enables account takeover and SSO bypass	flowise	-
CRITICAL	CVE-2026-30824	Flowise: auth bypass exposes NVIDIA NIM container endpoints	flowise	9.8
HIGH	CVE-2026-31829	Flowise: SSRF via HTTP Node exposes internal network	flowise	8.8
HIGH	CVE-2026-27905	bentoml: security flaw enables exploitation	bentoml	7.8
CRITICAL	CVE-2026-27493	n8n: Code Injection enables RCE	n8n	9.0
CRITICAL	CVE-2026-27494	n8n: security flaw enables exploitation	n8n	9.9
CRITICAL	CVE-2026-27495	n8n: Code Injection enables RCE	n8n	9.9
HIGH	CVE-2026-27497	n8n: SQL Injection exposes database	n8n	8.8
HIGH	CVE-2026-27498	n8n: Code Injection enables RCE	n8n	8.8

Page 1 of 15

Related AI Components

Framework API Model Inference Training Data RAG

Agent

Related AI Components

Weekly CISO Take + top threats