Attack Type
Prompt Injection
Prompt injection is an attack technique where an adversary crafts malicious input to manipulate LLM behavior, bypassing system instructions to execute unauthorized actions, extract data, or alter outputs. It is the most prevalent attack vector against AI systems.
Total CVEs: 58
Pages: 3
Page 1 of 3
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-27966 | langflow: Code Injection enables RCE | langflow | 9.8 |
| HIGH | CVE-2026-25750 | langsmith: security flaw enables exploitation | langsmith | 8.1 |
| UNKNOWN | CVE-2026-25083 | GROWI: Missing Auth allows unauthorized operations | - | |
| CRITICAL | CVE-2026-28451 | OpenClaw: SSRF via Feishu extension exposes internal services | openclaw | 9.3 |
| CRITICAL | CVE-2026-30741 | OpenClaw: RCE via request-side prompt injection | openclaw | 9.8 |
| MEDIUM | CVE-2026-27578 | n8n: XSS enables session hijacking | n8n | 5.4 |
| CRITICAL | CVE-2023-29374 | LangChain: RCE via prompt injection in LLMMathChain | langchain | 9.8 |
| CRITICAL | CVE-2023-36095 | LangChain PALChain: RCE via unsanitized exec() calls | langchain | 9.8 |
| CRITICAL | CVE-2023-38860 | LangChain: RCE via unsanitized prompt parameter | langchain | 9.8 |
| CRITICAL | CVE-2023-38896 | LangChain: RCE via unsandboxed LLM code execution | langchain | 9.8 |
| CRITICAL | CVE-2023-39659 | LangChain: RCE via unsanitized PythonAstREPL input | langchain | 9.8 |
| HIGH | CVE-2023-32786 | LangChain: prompt injection triggers SSRF via URL fetch | langchain | 7.5 |
| HIGH | CVE-2024-38459 | LangChain: Python REPL code execution without opt-in | langchain-experimental | 7.8 |
| HIGH | CVE-2024-21513 | langchain-experimental: RCE via eval() in VectorSQL chain | langchain-experimental | 8.5 |
| CRITICAL | CVE-2024-7042 | LangChainJS: prompt injection enables full graph DB takeover | langchain | 9.8 |
| CRITICAL | CVE-2024-8309 | LangChain GraphCypher: prompt injection enables DB wipe | langchain | 9.8 |
| CRITICAL | CVE-2025-46059 | LangChain GmailToolkit: indirect prompt injection to RCE | - | 9.8 |
| HIGH | CVE-2025-65106 | langchain-core: security flaw enables exploitation | langchain-core | - |
| HIGH | CVE-2024-58340 | langchain: security flaw enables exploitation | langchain | 7.5 |
| HIGH | CVE-2025-5018 | Hive Support WP: OpenAI key theft + prompt hijack | - | 7.1 |
AI Threat Alert