AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 12 of 23
Current
Severity CVE CVSS
MEDIUM CVE-2026-43570 6.5
MEDIUM CVE-2026-42282 4.3
CRITICAL CVE-2026-44336 9.6
CRITICAL CVE-2026-43995 9.8
CRITICAL CVE-2026-42074 -
HIGH CVE-2026-44246 7.2
HIGH CVE-2026-45136 -
HIGH GHSA-m99r-2hxc-cp3q -
MEDIUM CVE-2026-44899 4.7
CRITICAL CVE-2026-44791 9.9
HIGH CVE-2026-44790 8.8
CRITICAL CVE-2026-44789 9.9
HIGH CVE-2026-45370 7.7
HIGH CVE-2026-45350 7.1
CRITICAL CVE-2026-45311 9.6
HIGH CVE-2026-45310 7.4
MEDIUM CVE-2026-45582 6.5
HIGH CVE-2026-45707 8.1
MEDIUM GHSA-2vx9-7wpg-88jq 6.4
HIGH GHSA-hv85-774v-26fg 8.2

Page 12 of 23