AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 21 of 23
Current
Severity CVE CVSS
MEDIUM GHSA-7cqp-7cfv-6c3q -
HIGH CVE-2026-55249 8.8
MEDIUM CVE-2026-56358 5.4
CRITICAL CVE-2026-12537 -
CRITICAL CVE-2025-71338 10.0
MEDIUM CVE-2026-9699 6.8
HIGH CVE-2026-57527 8.8
MEDIUM CVE-2026-58057 5.0
HIGH CVE-2026-57947 8.5
HIGH CVE-2026-10564 8.2
CRITICAL CVE-2026-10134 10.0
CRITICAL CVE-2026-7663 9.8
UNKNOWN CVE-2026-56277 -
MEDIUM CVE-2026-56356 5.4
MEDIUM CVE-2026-56777 5.0
HIGH CVE-2026-13731 7.2
HIGH CVE-2026-49857 7.4
MEDIUM GHSA-9c3v-684m-579c 6.5
MEDIUM CVE-2026-50280 -
HIGH CVE-2025-69134 7.5

Page 21 of 23