AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 5 of 23
Current
Severity CVE CVSS
MEDIUM GHSA-364x-8g5j-x2pr 5.4
CRITICAL CVE-2026-2275 9.6
HIGH CVE-2026-2285 7.5
CRITICAL CVE-2026-2287 9.8
HIGH GHSA-m3mh-3mpg-37hw 8.6
HIGH GHSA-hr5v-j9h9-xjhg 7.7
HIGH CVE-2026-29872 8.2
HIGH CVE-2026-34955 8.8
HIGH CVE-2026-34937 7.8
CRITICAL CVE-2026-34938 10.0
HIGH CVE-2026-34222 7.7
MEDIUM GHSA-9q7v-8mr7-g23p -
HIGH CVE-2026-35175 -
HIGH CVE-2026-35394 8.3
MEDIUM CVE-2026-34425 -
MEDIUM GHSA-fh32-73r9-rgh5 -
MEDIUM GHSA-w6wx-jq6j-6mcj -
MEDIUM GHSA-2qrv-rc5x-2g2h -
MEDIUM GHSA-846p-hgpv-vphc -
MEDIUM GHSA-wpc6-37g7-8q4w -

Page 5 of 23