AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 7 of 23
Current
Severity CVE CVSS
MEDIUM GHSA-3fv3-6p2v-gxwj -
HIGH GHSA-5wj5-87vq-39xm -
MEDIUM GHSA-cmfr-9m2r-xwhq -
MEDIUM GHSA-qqq7-4hxc-x63c -
LOW GHSA-cm8v-2vh9-cxf3 -
MEDIUM CVE-2026-40117 6.2
HIGH CVE-2026-40150 7.7
MEDIUM CVE-2026-35651 4.3
CRITICAL GHSA-8x8f-54wf-vv92 9.1
HIGH GHSA-g985-wjh9-qxxc 8.4
HIGH CVE-2026-40160 -
MEDIUM CVE-2026-40159 5.5
HIGH CVE-2026-40156 7.8
CRITICAL CVE-2026-40154 9.3
MEDIUM CVE-2026-40152 5.3
HIGH CVE-2026-40153 7.4
MEDIUM CVE-2026-6011 5.6
HIGH GHSA-75hx-xj24-mqrw 8.2
MEDIUM CVE-2026-35646 4.8
HIGH CVE-2026-35629 7.4

Page 7 of 23