3 matches found
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Overview langroid is a Harness LLMs with Multi-Agent Programming Affected versions of this package are vulnerable to Improper Neutralization of Special Elements in Output Used by a Downstream Component 'Injection' via the handlemessage process. An attacker can execute arbitrary tool handlers by...
EUVD-2026-31471
Missing input source validation in the tool authorization prompt in Kiro CLI before 1.28.0 allows a local attacker to execute arbitrary tools, including shell commands, without user approval by crafting content that is piped to kiro-cli via stdin. We recommend you to upgrade to kiro-cli version...
Use of Incorrectly-Resolved Name or Reference
Overview Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the MCPTool.Name sanitization in the NewMCPTool registration process in internal/agent/tools. An attacker can execute arbitrary MCP tools and inject prompts to exfiltrate context by...