AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 16 of 23
Current
Severity CVE CVSS
HIGH GHSA-x92v-rpx6-p6cw 8.6
HIGH GHSA-vxgj-xg5c-p4h7 8.5
CRITICAL GHSA-4869-x4pr-q22x 9.8
MEDIUM GHSA-pv2j-rghr-v5r9 6.5
MEDIUM GHSA-6h9p-93hq-q7h6 6.5
HIGH GHSA-w6h2-fr4q-xvxv 8.8
HIGH GHSA-j7qx-p75m-wp7g 7.5
HIGH GHSA-vmf9-xx9w-86wx 8.3
HIGH GHSA-8579-rgg5-ph2m 8.8
HIGH GHSA-5jv7-2mjm-h6qj 8.8
CRITICAL GHSA-p69m-4f92-2v84 9.8
CRITICAL GHSA-vmmj-pfw7-fjwp 9.9
HIGH CVE-2026-54002 -
MEDIUM CVE-2026-50188 -
UNKNOWN CVE-2026-49276 -
MEDIUM CVE-2026-22551 -
HIGH CVE-2026-46580 -
MEDIUM CVE-2026-56074 5.5
MEDIUM GHSA-vmhf-c436-hxj4 -
HIGH GHSA-vcv2-r9jh-99m5 8.8

Page 16 of 23