AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 8 of 23
Current
Severity CVE CVSS
MEDIUM CVE-2026-40190 5.6
HIGH GHSA-p4h8-56qp-hpgv -
CRITICAL CVE-2025-61260 9.8
HIGH CVE-2026-30617 8.6
HIGH GHSA-gqqj-85qm-8qhf 8.7
HIGH GHSA-w8hx-hqjv-vjcq 7.3
HIGH GHSA-28g4-38q8-3cwc -
HIGH GHSA-2x8m-83vc-6wv4 7.1
HIGH GHSA-xhmj-rg95-44hv 7.1
HIGH GHSA-cvrr-qhgw-2mm6 7.7
HIGH GHSA-f228-chmx-v6j6 8.3
MEDIUM GHSA-qqvm-66q4-vf5c -
LOW GHSA-gj9q-8w99-mp8j -
CRITICAL CVE-2026-40933 9.9
MEDIUM GHSA-f934-5rqf-xx47 -
HIGH GHSA-mr34-9552-qr95 -
CRITICAL GHSA-xh72-v6v9-mwhc -
MEDIUM GHSA-jhpv-5j76-m56h -
HIGH GHSA-2cq5-mf3v-mx44 -
MEDIUM GHSA-536q-mj95-h29h -

Page 8 of 23