AI Component

Agent

Agents are LLM applications that can take actions — call tools, write files, hit APIs, browse the web, or invoke other agents. That capability shifts the security model fundamentally: a prompt-injection payload in a chat app is annoying, but the same payload in an agent can trigger real actions (send email, transfer funds, push code). Indirect prompt injection is especially dangerous here because agents routinely consume untrusted content (web pages, emails, files) where attacker instructions can hide. The OWASP LLM Top 10 added "Excessive Agency" as LLM08 specifically for this class. AI Threat Alert tracks CVEs in popular agent frameworks (LangGraph, CrewAI, AutoGen, AutoGPT, LangChain agents) and incident reports from AIID for production agent misuse. Defenses: human-in-the-loop for irreversible actions, scoped tool permissions, separate trust boundaries between agent-controlled and user-controlled context, and budget caps on tool invocation.

553

Total CVEs

Pages

Page 2 of 28

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2026-27577	n8n: Code Injection enables RCE	n8n	9.9
MEDIUM	CVE-2026-27578	n8n: XSS enables session hijacking	n8n	5.4
CRITICAL	CVE-2023-29374	LangChain: RCE via prompt injection in LLMMathChain	langchain	9.8
CRITICAL	CVE-2023-34540	LangChain: RCE via JiraAPIWrapper crafted input	langchain	9.8
CRITICAL	CVE-2023-34541	LangChain: RCE via unsafe load_prompt deserialization	langchain	9.8
CRITICAL	CVE-2023-36258	LangChain: unauthenticated RCE via code injection	langchain	9.8
CRITICAL	CVE-2023-36188	LangChain: RCE via PALChain unsanitized Python exec	langchain	9.8
HIGH	CVE-2023-36189	LangChain SQLDatabaseChain: SQL injection, DB exfil	langchain	7.5
CRITICAL	CVE-2023-36095	LangChain PALChain: RCE via unsanitized exec() calls	langchain	9.8
CRITICAL	CVE-2023-38860	LangChain: RCE via unsanitized prompt parameter	langchain	9.8
CRITICAL	CVE-2023-38896	LangChain: RCE via unsandboxed LLM code execution	langchain	9.8
CRITICAL	CVE-2023-39659	LangChain: RCE via unsanitized PythonAstREPL input	langchain	9.8
CRITICAL	CVE-2023-36281	LangChain: RCE via malicious JSON prompt template	langchain	9.8
CRITICAL	CVE-2023-39631	LangChain: RCE via numexpr evaluate injection	langchain	9.8
CRITICAL	CVE-2023-44467	LangChain: RCE bypass via __import__ in PAL chain	langchain_experimental	9.8
HIGH	CVE-2023-32786	LangChain: prompt injection triggers SSRF via URL fetch	langchain	7.5
CRITICAL	CVE-2024-27444	LangChain Experimental: RCE via Python sandbox escape	langchain-experimental	9.8
HIGH	CVE-2024-28088	LangChain: path traversal enables RCE and API key theft	langchain	8.1
HIGH	CVE-2024-3571	LangChain: path traversal allows arbitrary file R/W	langchain	8.8
HIGH	CVE-2024-37058	MLflow: RCE via malicious LangChain model deserialization	mlflow	8.8

Page 2 of 28

Previous Next

Related AI Components

Framework API Model Inference Training Data RAG

Agent

Related AI Components

Weekly CISO Take + top threats