AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 15 of 23
Current
Severity CVE CVSS
UNKNOWN CVE-2026-54310 -
UNKNOWN CVE-2026-49465 -
UNKNOWN CVE-2026-49444 -
HIGH CVE-2026-53840 7.1
MEDIUM CVE-2026-53851 5.3
HIGH CVE-2026-53855 8.1
HIGH CVE-2026-53863 7.1
HIGH CVE-2026-53864 8.1
UNKNOWN CVE-2026-54304 -
UNKNOWN CVE-2026-54309 -
UNKNOWN CVE-2026-54305 -
UNKNOWN CVE-2026-54302 -
MEDIUM CVE-2026-54303 -
UNKNOWN CVE-2026-54312 -
HIGH CVE-2025-60223 7.7
HIGH CVE-2026-54011 8.7
HIGH GHSA-4pcv-mg8v-vrgf 8.8
CRITICAL GHSA-29w3-p9w9-wc47 9.1
HIGH GHSA-c969-5x3p-vq3v 8.1
CRITICAL GHSA-p75f-6fp4-p57w 9.8

Page 15 of 23