AI Component

Plugin

Plugins and tools are the bridge between an LLM and the world outside it: a web-fetch tool, a code interpreter, a shell, an email API, a calendar integration. Each tool the agent can invoke is a new piece of attack surface, and the agent's prompt-injection problem becomes the tool's authorization problem. Common patterns we see in CVEs and AIID reports include over-broad tool permissions (an email-sending tool with no recipient allowlist), SSRF in browse-the-web tools, RCE in code-interpreter sandboxes that escape too easily, and confused-deputy attacks where the agent invokes a tool on behalf of an attacker-controlled prompt instead of the legitimate user. OpenAI's plugin ecosystem and ChatGPT's tool framework have shipped published vulnerabilities; LangChain, LangGraph, CrewAI, and AutoGen have each had agent-tool CVEs. Defenses: least-privilege tool scopes, human-in-the-loop on irreversible actions, separate trust contexts, and auditable tool invocation logs.

455
Total CVEs
23
Pages
Page 9 of 23
Current
Severity CVE CVSS
MEDIUM GHSA-qmwg-qprg-3j38 -
HIGH GHSA-939r-rj45-g2rj -
MEDIUM GHSA-527m-976r-jf79 -
MEDIUM GHSA-rj2p-j66c-mgqh -
MEDIUM GHSA-f3h5-h452-vp3j -
HIGH GHSA-82qx-6vj7-p8m2 -
MEDIUM GHSA-jf25-7968-h2h5 -
MEDIUM GHSA-53vx-pmqw-863c -
MEDIUM GHSA-2767-2q9v-9326 -
MEDIUM GHSA-7wv4-cc7p-jhxc -
MEDIUM GHSA-c9h3-5p7r-mrjh -
MEDIUM GHSA-7g8c-cfr3-vqqr -
HIGH GHSA-vfp4-8x56-j7c5 -
MEDIUM GHSA-j6c7-3h5x-99g9 -
MEDIUM GHSA-g2hm-779g-vm32 -
MEDIUM GHSA-c4qm-58hj-j6pj -
MEDIUM CVE-2026-6599 6.3
MEDIUM CVE-2026-39378 6.5
HIGH GHSA-2r2p-4cgf-hv7h -
MEDIUM CVE-2026-41495 5.3

Page 9 of 23