AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 10 of 23
Current
Severity CVE CVSS
HIGH CVE-2026-41270 8.3
MEDIUM CVE-2026-6393 4.3
HIGH CVE-2026-40068 -
MEDIUM GHSA-7jm2-g593-4qrc -
MEDIUM GHSA-qrp5-gfw2-gxv4 -
LOW GHSA-c4qg-j8jg-42q5 -
MEDIUM GHSA-mj59-h3q9-ghfh -
MEDIUM GHSA-hxvm-xjvf-93f3 -
MEDIUM GHSA-72q8-jcmc-97wx -
MEDIUM GHSA-wg4g-395p-mqv3 4.3
MEDIUM GHSA-gfg9-5357-hv4c -
MEDIUM GHSA-c28g-vh7m-fm7v -
UNKNOWN CVE-2026-42232 -
UNKNOWN CVE-2026-42231 -
UNKNOWN CVE-2026-42235 -
UNKNOWN CVE-2026-42234 -
UNKNOWN CVE-2026-42228 -
UNKNOWN CVE-2026-42229 -
UNKNOWN CVE-2026-42237 -
HIGH CVE-2026-42449 8.5

Page 10 of 23