ATLAS Landscape
AML.T0085.001
AI Agent Tools
Adversaries may prompt the AI service to invoke various tools the agent has access to. Tools may retrieve data from different APIs or services in an organization.
21 CVEs mapped
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-33663 | n8n: member role steals plaintext HTTP credentials | n8n | 10.0 |
| CRITICAL | CVE-2025-47241 | browser-use: URL allowlist bypass enables SSRF in agents | browser-use | 9.3 |
| HIGH | CVE-2026-31829 | Flowise: SSRF via HTTP Node exposes internal network | flowise-components | 8.8 |
| HIGH | GHSA-4ggg-h7ph-26qr | n8n-mcp: authenticated SSRF leaks cloud metadata | n8n-mcp | 8.5 |
| HIGH | CVE-2026-35394 | mobile-mcp: intent injection enables device control via AI agent | — | 8.3 |
| HIGH | CVE-2026-27826 | mcp-atlassian: SSRF allows internal network access | mcp-atlassian | 8.2 |
| HIGH | CVE-2025-61917 | n8n: Info Disclosure leaks sensitive data | n8n | 7.7 |
| HIGH | CVE-2023-32786 | LangChain: prompt injection triggers SSRF via URL fetch | langchain | 7.5 |
| HIGH | CVE-2026-21893 | n8n: Input Validation flaw enables exploitation | n8n | 7.2 |
| HIGH | GHSA-2x8m-83vc-6wv4 | Flowise: SSRF bypass exposes internal services | flowise-components | 7.1 |
| MEDIUM | CVE-2025-68477 | langflow: SSRF allows internal network access | langflow | 6.5 |
| MEDIUM | CVE-2026-6011 | OpenClaw: SSRF via web-fetch enables internal network pivot | openclaw | 5.6 |
| MEDIUM | CVE-2026-40152 | praisonaiagents: glob traversal leaks filesystem metadata | praisonaiagents | 5.3 |
| MEDIUM | CVE-2026-42282 | n8n-MCP: credential logging exposes OAuth tokens in HTTP mode | — | 4.3 |
| MEDIUM | CVE-2026-27795 | LangChain: SSRF allows internal network access | — | 4.1 |
| UNKNOWN | CVE-2026-2285 | CrewAI: arbitrary file read via JSON loader tool | — | — |
| UNKNOWN | CVE-2026-2286 | CrewAI: SSRF via unvalidated RAG tool URLs exposes internal services | — | — |
| HIGH | CVE-2026-44335 | praisonaiagents: SSRF via URL parser confusion bypass | praisonaiagents | — |
| UNKNOWN | CVE-2026-42229 | n8n: SQL injection in SeaTable node leaks restricted rows | n8n | — |
| UNKNOWN | CVE-2026-41274 | Flowise: Cypher injection via GraphCypherQAChain node | flowise | — |
| MEDIUM | GHSA-f934-5rqf-xx47 | OpenClaw: path traversal in memory_get reads arbitrary workspace files | openclaw | — |