188 matches found
CVE-2026-31233
Guardrails AI thru 0.6.7 contains a code injection vulnerability CWE-94 in its Hub package installation mechanism. When installing validator packages via guardrails hub install, the system retrieves a manifest from the Guardrails Hub and dynamically executes a script specified in the postinstall...
CVE-2026-31233
CVE-2026-31233 affects Guardrails AI through version 0.6.7. The vulnerability resides in the Hub package installation mechanism: when installing validator packages, the system fetches a manifest from the Guardrails Hub and dynamically executes a script specified in the post_install field. The scr...
Guardrails 安全漏洞
Guardrails is a Python framework open source by Guardrails AI. Versions of Guardrails 0.6.7 and earlier contained security vulnerabilities. These vulnerabilities stemmed from the Hub package installation mechanism, which retrieved lists from the Guardrails Hub when installing the validationer...
PT-2026-40120
Name of the Vulnerable Software and Affected Versions Guardrails AI versions prior to 0.6.8 Description A code injection issue exists in the Hub package installation mechanism. When installing validator packages using the command guardrails hub install, the system retrieves a manifest from the...
EUVD-2026-21376
LiteLLM has a sandbox escape in custom-code guardrail...
EUVD-2024-0951
phpseclib guardrails needed on OID length...
GHSA-F2QX-66WF-WVVX phpseclib guardrails needed on OID length
Impact Any application using that loads untrusted ASN1 files eg. X509 certificates, RSA PKCS8 private or public keys, etc. Patches https://github.com/phpseclib/phpseclib/commit/e32531001b4d62c66c3d824ccef54ffad835eb59 Workarounds No. Resources...
ClaudeBleed Vulnerability Lets Hackers Hijack Claude Chrome Extension to Steal Data
The ClaudeBleed vulnerability allows hackers to bypass Claude for Chrome guardrails to exfiltrate private Google Drive and Gmail data...
phpseclib: guardrails needed on isPrime and randomPrime
Impact Anyone trying to generate a prime and testing the primality of a number. Patches https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575 Workarounds Using the GMP extension would probably help, assuming that one has its own guardrails. Resources...
EUVD-2024-0936
phpseclib: guardrails needed on isPrime and randomPrime...
GHSA-2528-JW5Q-WW88 phpseclib: guardrails needed on isPrime and randomPrime
Impact Anyone trying to generate a prime and testing the primality of a number. Patches https://github.com/phpseclib/phpseclib/commit/ad5dbdf2129f5e0fb644637770b7f33de8ca8575 Workarounds Using the GMP extension would probably help, assuming that one has its own guardrails. Resources...
Wiz Code Week Recap: Securing AI Native Development
Providing Application Security teams with visibility and guardrails to secure agentic software development and the modern software supply chain...
A Comparative Evaluation of AI Agent Security Guardrails
This report presents a comparative evaluation of DKnownAI Guard in AI agent security scenarios, benchmarked against three competing products: AWS Bedrock Guardrails, Azure Content Safety, and Lakera Guard. Using human annotation as the ground truth, we assess each guardrail's ability to detect tw...
UNSEEN: A Cross-Stack LLM Unlearning Defense against AR-LLM Social Engineering Attacks
Emerging AR-LLM-based Social Engineering attack e.g., SEAR is at the edge of posing great threats to real-world social life. In such AR-LLM-SE attack, the attacker can leverage AR Augmented Reality glass to capture the image and vocal information of the target, using the LLM to identify the targe...
ai-security-poc
AI Security POC A fully containerised proof-of-concept for te...
Deterministic + Agentic AI: The Architecture Exposure Validation Requires
Few technologies have moved from experimentation to boardroom mandate as quickly as AI. Across industries, leadership teams have embraced its broader potential, and boards, investors, and executives are already pushing organizations to adopt it across operational and security functions. Pentera’s...
Challenges and Future Directions in Agentic Reverse Engineering Systems
Agentic systems built on large language models LLMs are increasingly being used for complex security tasks, including binary reverse engineering RE. Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...
CVE-2026-40217
A flaw was found in LiteLLM. A remote attacker can exploit this flaw by performing bytecode rewriting at the /guardrails/testcustomcode URI. This could lead to arbitrary code execution, allowing the attacker to run malicious code on the affected system. Mitigation Mitigation for this issue is...
Arbitrary Code Injection
Overview litellm is a Library to easily interface with LLM API providers Affected versions of this package are vulnerable to Arbitrary Code Injection in the /guardrails/testcustomcode endpoint through bytecode rewriting. An attacker can execute arbitrary code by sending specially crafted requests...
CVE-2026-40217
LiteLLM through 2026-04-08 allows remote attackers to execute arbitrary code via bytecode rewriting at the /guardrails/testcustomcode URI...