AI Component
Plugin
Plugin and tool vulnerabilities affect the external integrations that extend AI systems — browser tools, code interpreters, API connectors, and file system access in agent frameworks.
125 total CVEs across 7 pages (page 5 of 7)
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-364x-8g5j-x2pr | n8n: stored XSS via malicious OAuth2 Authorization URL | n8n | 5.4 |
| UNKNOWN | CVE-2026-2275 | CrewAI: RCE via Docker fallback in CodeInterpreter | - | - |
| UNKNOWN | CVE-2026-2285 | CrewAI: arbitrary file read via JSON loader tool | - | - |
| UNKNOWN | CVE-2026-2287 | CrewAI: Docker sandbox fallback enables RCE | - | - |
| HIGH | GHSA-m3mh-3mpg-37hw | OpenClaw: .npmrc hijack enables RCE on plugin install | openclaw | 8.6 |
| HIGH | GHSA-hr5v-j9h9-xjhg | OpenClaw: sandbox escape via mediaUrl path traversal | openclaw | 7.7 |
| HIGH | CVE-2026-29872 | awesome-llm-apps MCP Agent: cross-session credential theft | - | 8.2 |
| HIGH | CVE-2026-34955 | PraisonAI: sandbox escape via shell=True blocklist bypass | praisonai | 8.8 |
| HIGH | CVE-2026-34937 | PraisonAI: OS command injection via run_python() shell escape | praisonaiagents | 7.8 |
| CRITICAL | CVE-2026-34938 | praisonaiagents: sandbox bypass enables full host RCE | praisonaiagents | 10.0 |
| HIGH | CVE-2026-34222 | Open WebUI: access control bypass leaks Tool Valve API keys | open-webui | 7.7 |
| MEDIUM | GHSA-9q7v-8mr7-g23p | OpenClaw: SSRF in marketplace fetch hits internal AI infra | openclaw | - |
| HIGH | CVE-2026-35175 | Ajenti: missing authz lets any user install packages | - | - |
| HIGH | CVE-2026-35394 | mobile-mcp: intent injection enables device control via AI agent | - | 8.3 |
| MEDIUM | CVE-2026-34425 | OpenClaw: script preflight bypass enables unsafe exec | openclaw | - |
| MEDIUM | GHSA-fh32-73r9-rgh5 | OpenClaw: CDP host bypass exposes localhost browser state | openclaw | - |
| MEDIUM | GHSA-w6wx-jq6j-6mcj | openclaw: script swap bypasses pnpm dlx approval | openclaw | - |
| MEDIUM | GHSA-2qrv-rc5x-2g2h | OpenClaw: untrusted plugin RCE via workspace channel setup | openclaw | - |
| MEDIUM | GHSA-846p-hgpv-vphc | OpenClaw: path traversal → host file exfiltration via QQ Bot | openclaw | - |
| MEDIUM | GHSA-wpc6-37g7-8q4w | OpenClaw: exec allowlist bypass via shell init-file options | openclaw | - |