AI Threat Alert
ATLAS Landscape
AML.T0099
AI Agent Tool Data Poisoning
Adversaries may place malicious content on a victim's system where it can be retrieved by an AI Agent Tool. This may be accomplished by placing documents in a location that will be ingested by a service the AI agent has associated tools for. The content may be targeted such that it would often be retrieved by common queries. The adversary's content may include false or misleading information. It may also include prompt injections with malicious instructions.
7 CVEs mapped
View on MITRE ATLAS →
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-27497 | n8n: SQL Injection exposes database | n8n | 8.8 |
| HIGH | CVE-2026-44552 | open-webui: Redis cache poisoning enables cross-instance tool hijack | open-webui | 8.7 |
| HIGH | CVE-2026-25055 | n8n: Path Traversal enables file access | n8n | 8.1 |
| HIGH | CVE-2026-33724 | n8n: SSH MitM enables malicious workflow injection | n8n | 7.4 |
| MEDIUM | CVE-2026-35651 | OpenClaw: ANSI injection spoof AI agent approval prompts | openclaw | 4.3 |
| MEDIUM | CVE-2025-14371 | AI component: Missing Auth allows unauthorized operations | 4.3 | |
| UNKNOWN | CVE-2026-41686 | @anthropic-ai/sdk: insecure file perms expose agent memory | @anthropic-ai/sdk | — |