AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 6 of 23
Current
Severity CVE CVSS
HIGH GHSA-vfw7-6rhc-6xxg -
MEDIUM GHSA-vjx8-8p7h-82gr -
MEDIUM GHSA-4g5x-2jfc-xm98 -
MEDIUM GHSA-h2v7-xc88-xx8c -
MEDIUM CVE-2026-39398 -
HIGH CVE-2026-39891 8.8
HIGH GHSA-4ggg-h7ph-26qr 8.5
HIGH GHSA-7437-7hg8-frrw -
HIGH GHSA-jf56-mccx-5f3f -
HIGH GHSA-gfmx-pph7-g46x -
HIGH CVE-2026-39974 8.5
MEDIUM GHSA-ccx3-fw7q-rr2r -
MEDIUM GHSA-3vvq-q2qc-7rmp -
HIGH GHSA-qx8j-g322-qj6m -
MEDIUM GHSA-w9j9-w4cp-6wgr -
MEDIUM GHSA-w8g9-x8gx-crmm -
LOW GHSA-4f8g-77mw-3rxc -
MEDIUM GHSA-vr5g-mmx7-h897 -
MEDIUM GHSA-67mf-f936-ppxf -
LOW GHSA-5fc7-f62m-8983 -

Page 6 of 23