AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 11 of 23
Current
Severity CVE CVSS
MEDIUM CVE-2026-41358 5.4
MEDIUM GHSA-5h3g-6xhh-rg6p -
HIGH GHSA-wppj-c6mr-83jj -
MEDIUM GHSA-x3h8-jrgh-p8jx -
MEDIUM GHSA-55cf-xx38-4p9p -
MEDIUM GHSA-2hh7-c75g-qj2r -
HIGH GHSA-cwj3-vqpp-pmxr 8.8
HIGH GHSA-r39h-4c2p-3jxp 7.8
MEDIUM GHSA-q8ff-7ffm-m3r9 6.0
HIGH CVE-2026-42266 8.8
MEDIUM CVE-2026-43901 6.8
HIGH CVE-2026-44334 8.4
HIGH CVE-2026-44335 -
HIGH CVE-2026-42557 8.8
MEDIUM GHSA-cqmh-pcgr-q42f 5.5
HIGH CVE-2026-44552 8.7
HIGH GHSA-8g7g-hmwm-6rv2 8.3
UNKNOWN CVE-2026-44694 -
MEDIUM CVE-2026-44708 6.1
CRITICAL CVE-2026-44211 9.6

Page 11 of 23