
689 matches found

OSV
added 2026/04/20 6:31 a.m. | 2 views

GHSA-659X-HM75-HPV7 AgentScope vulnerable to Server-Side Request Forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/multimodality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

CVSS 7.3 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 6
Vulnrichment
added 2026/04/20 4:15 a.m. | 1 views

CVE-2026-6604 modelscope agentscope Cloud Metadata Endpoint _openai_tools.py openai_audio_to_text server-side request forgery

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/multimodality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

CVSS 7.5 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 4
CVE
added 2026/04/20 4:15 a.m. | 14 views

CVE-2026-6604

The CVE-2026-6604 entry affects modelscope agentscope up to version 1.0.18, specifically the Cloud Metadata Endpoint’s _openai_tools.py functions _parse_url, prepare_image, and openai_audio_to_text. The vulnerability arises from manipulating image_url/audio_file_url, enabling server-side request ...

CVSS 7.5 | AI score 6.7 | EPSS 0.00054
Exploits 0 | References 4
Positive Technologies
added 2026/04/20 12:00 a.m. | 2 views

PT-2026-33710

A vulnerability was identified in modelscope agentscope up to 1.0.18. Affected by this issue is the function _parse_url/prepare_image/openai_audio_to_text of the file src/agentscope/tool/multimodality/_openai_tools.py of the component Cloud Metadata Endpoint. Such manipulation of the argument...

CVSS 7.5 | AI score 5.4 | EPSS 0.00054
Exploits 0 | References 5
Positive Technologies
added 2026/04/20 12:00 a.m. | 2 views

PT-2026-33733

A flaw has been found in langgenius dify up to 1.13.3. This issue affects the function parse_openai_plugin_json_to_tool_bundle of the file api/core/tools/utils/parser.py of the component ApiBasedToolSchemaParser. Executing a manipulation of the argument url can lead to server-side request forgery...

CVSS 6.5 | AI score 6.1 | EPSS 0.00043
Exploits 0 | References 5
Chainguard
added 2026/04/18 1:17 p.m. | 5 views

CVE-2026-1839 vulnerabilities

Vulnerabilities for packages: py3-transformers, nemo, vllm-openai-cuda-12.9, tritonserver-backend-vllm-cuda-13.0, lmcache-cuda-12.8...

CVSS 7.8 | AI score 6.5 | EPSS 0.00023
Exploits 1
Chainguard
added 2026/04/18 1:17 p.m. | 3 views

GHSA-69W3-R845-3855 vulnerabilities

Vulnerabilities for packages: py3-transformers, nemo, vllm-openai-cuda-12.9, tritonserver-backend-vllm-cuda-13.0, lmcache-cuda-12.8...

AI score 5.4
Exploits 0
Github Security Blog
added 2026/04/17 9:35 p.m. | 8 views

Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials

Summary The text-to-speech generation endpoint POST /api/v1/text-to-speech/generate is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt the stored credential, e.g. OpenAI or...

CVSS 8.2 | AI score 5.9 | EPSS 0.00124
Exploits 1 | References 3 | Affected Software 1
OSV
added 2026/04/17 9:35 p.m. | 3 views

GHSA-5FW2-MWHH-9947 Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials

Summary The text-to-speech generation endpoint POST /api/v1/text-to-speech/generate is whitelisted (no auth) and accepts a credentialId directly in the request body. When called without a chatflowId, the endpoint uses the provided credentialId to decrypt the stored credential, e.g. OpenAI or...

CVSS 8.2 | AI score 5.9 | EPSS 0.00124
Exploits 1 | References 3
vulnersOsv
added 2026/04/16 11:00 p.m. | 1 views

agent-builder (>=0.0.2 <=0.1.7), agent-zero-lite (>=1.0.6 <=1.0.16) +69 more potentially affected by CVE-2026-41488 via langchain-openai (>=1.0.0 <=1.1.12)

langchain-openai PYPI version =1.0.0, =0.0.2, =1.0.6, =1.0.0, =0.1.0, =0.0.4, =3.0.3, =0.0.1, =0.0.48, =0.0.54, =0.1.2, =0.0.6, =0.1.0, =0.1.4 and more Source cves: CVE-2026-41488 Source advisory: SNYK:PYTHON-LANGCHAINOPENAI-16097112...

CVSS 3.1 | AI score 5.8 | EPSS 0.00026
Exploits 0
Snyk
added 2026/04/16 11:00 p.m. | 2 views

Server-side Request Forgery (SSRF)

Overview langchain-openai is an integration package connecting OpenAI and LangChain. Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the image token counting _url_to_size function. An attacker can access internal network resources by exploiting a DNS...

CVSS 3.1 | AI score 5.8 | EPSS 0.00026
Exploits 0 | References 2
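The agentscope, dify and langchain-openai entries above are all the same bug class: a URL taken from a tool argument (image_url, audio_file_url, a plugin manifest url) is fetched by the server, so an attacker points it at a cloud metadata endpoint or an internal host, and a hostname that resolves to a public address at check time but to 169.254.169.254 at connect time (DNS rebinding, as the Snyk text begins to describe) defeats a naive allow/deny check. The following is an added example written for this page, not code from any of those projects. It resolves a hostname once, requires every returned address to be globally routable (unwrapping IPv4-mapped IPv6 so ::ffff:169.254.169.254 is judged as IPv4), refuses metadata service names, and pins the connection to the validated address. The metadata hostnames, the AWS IMDS IPv6 address and the DNS table used for the demonstration are assumed or constructed, not taken from the page.

```python
"""Egress guard for URL arguments an LLM tool fetches server-side.

Added example; not code from agentscope, dify or langchain-openai. Resolve the
host once, accept only globally routable unicast answers, and pin the fetch to
the address that was checked so a DNS rebinding cannot redirect it later.
"""
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlsplit, urlunsplit

Resolver = Callable[[str], List[str]]  # hostname -> every A/AAAA answer

# Metadata service names and the AWS IMDS IPv6 address (assumed constants).
METADATA_HOSTS = {"metadata.google.internal", "metadata", "instance-data"}
METADATA_V6 = ipaddress.ip_network("fd00:ec2::254/128")


class UnsafeURL(ValueError):
    """Raised when a URL must not be fetched."""


def system_resolver(host: str) -> List[str]:
    """All addresses the system resolver returns; every one of them must pass."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def address_is_public(ip_text: str) -> bool:
    """True only for globally routable unicast addresses."""
    ip = ipaddress.ip_address(ip_text)
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # judge ::ffff:169.254.169.254 as the IPv4 it wraps
    if ip in METADATA_V6:
        return False
    return ip.is_global and not ip.is_multicast


def validate_outbound_url(url: str, resolver: Resolver = system_resolver) -> str:
    """Return the URL with its host replaced by a validated IP literal.

    The caller connects to that literal and sends the original hostname in the
    Host header (and as SNI for TLS), so the bytes go where the check looked.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        raise UnsafeURL(f"scheme not allowed: {parts.scheme!r}")
    if parts.username is not None or parts.password is not None:
        raise UnsafeURL("credentials in URL")
    host = parts.hostname
    if not host:
        raise UnsafeURL("missing host")
    if host.lower().rstrip(".") in METADATA_HOSTS:
        raise UnsafeURL(f"metadata hostname {host!r}")
    try:
        addresses = [str(ipaddress.ip_address(host))]  # IP literal: no DNS step
    except ValueError:
        addresses = resolver(host)
    if not addresses:
        raise UnsafeURL(f"{host!r} did not resolve")
    for addr in addresses:
        if not address_is_public(addr):
            raise UnsafeURL(f"{host!r} resolves to non-public address {addr}")
    pinned = addresses[0]
    if ":" in pinned:
        pinned = f"[{pinned}]"
    netloc = pinned if parts.port is None else f"{pinned}:{parts.port}"
    return urlunsplit((parts.scheme, netloc, parts.path, parts.query, parts.fragment))


# Constructed DNS table for the offline demonstration; these are not real records.
FAKE_DNS = {
    "files.example.com": ["93.184.216.34"],
    "rebind.attacker.example": ["93.184.216.34", "169.254.169.254"],  # rebinding
    "mapped.attacker.example": ["::ffff:10.0.0.5"],
}


def fake_resolver(host: str) -> List[str]:
    return FAKE_DNS.get(host.lower().rstrip("."), [])


def check(url: str) -> str:
    """Pinned URL on success, otherwise 'BLOCKED: <reason>'."""
    try:
        return validate_outbound_url(url, fake_resolver)
    except UnsafeURL as exc:
        return f"BLOCKED: {exc}"


if __name__ == "__main__":
    for candidate in (
        "https://files.example.com/photo.png",
        "http://169.254.169.254/latest/meta-data/iam/",
        "https://rebind.attacker.example/clip.wav",
        "http://mapped.attacker.example/",
        "http://metadata.google.internal/computeMetadata/v1/",
        "file:///etc/passwd",
    ):
        print(f"{candidate} -> {check(candidate)}")
```

Pinning matters more than the range check: an HTTP client handed the original hostname performs its own lookup, and that second answer is the one an attacker's authoritative server controls. Redirects need the same treatment (validate each Location before following it), and for HTTPS the client must still present the original hostname as SNI and verify the certificate against it, which in practice means a custom transport or a dedicated fetcher process rather than a plain requests.get.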
vulnersOsv
added 2026/04/16 11:00 p.m. | 3 views

a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +885 more potentially affected by CVE-2026-41488 via langchain-openai (>=0.0.1 <=1.1.12)

langchain-openai PYPI version =0.0.1, =0.1.0, =0.1.0, =0.1.0b0, =0.0.1, =4.8.2, =0.0.1a1, =0.1.3, =1.0.0rc1, =3.2.0, =0.1.0, =0.1.1, =0.0.1a0, =2.1.7, =2.1.8 and more Source cves: CVE-2026-41488 Source advisory: OSV:GHSA-R7W7-9XR2-QQ2R...

CVSS 3.1 | AI score 5.8 | EPSS 0.00026
Exploits 0
OSV
added 2026/04/16 10:47 p.m. | 1 views

GHSA-GQQJ-85QM-8QHF Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email

Summary A Paperclip-managed codex_local runtime was able to access and use a Gmail connector that I had connected in the ChatGPT/OpenAI apps UI, even though I had not explicitly connected Gmail inside Paperclip or separately inside Codex. In my environment this enabled mailbox access and a real...

CVSS 8.7 | AI score 5.9
Exploits 0 | References 2
Github Security Blog
added 2026/04/16 10:47 p.m. | 2 views

Paperclip: codex_local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email

Summary A Paperclip-managed codex_local runtime was able to access and use a Gmail connector that I had connected in the ChatGPT/OpenAI apps UI, even though I had not explicitly connected Gmail inside Paperclip or separately inside Codex. In my environment this enabled mailbox access and a real...

AI score 5.9
Exploits 0 | References 2 | Affected Software 1
OSV
added 2026/04/16 10:46 p.m. | 3 views

GHSA-W8HX-HQJV-VJCQ Paperclip: Malicious skills able to exfiltrate and destroy all user data

Summary An arbitrary code execution vulnerability in the workspace runtime service allows any agent to execute shell commands on the server, exposing all environment variables including API keys, JWT secrets, and database credentials. Details A malicious skill can instruct the agent to exploit th...

CVSS 7.3 | AI score 6.6
Exploits 0 | References 2
RedhatCVE
added 2026/04/16 1:22 p.m. | 2 views

CVE-2025-61260

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

CVSS 9.8 | AI score 6.5 | EPSS 0.00051
Exploits 1 | References 1
Wired Threat Level
added 2026/04/14 8:00 p.m. | 4 views

In the Wake of Anthropic’s Mythos, OpenAI Has a New Cybersecurity Model—and Strategy

OpenAI says its safeguards “sufficiently reduce cyber risk” for now, while GPT-5.4-Cyber is a new cybersecurity-focused model...

AI score 5.8
Exploits 0
RedhatCVE
added 2026/04/14 7:22 p.m. | 2 views

CVE-2026-40116

PraisonAI is a multi-agent teams system. Prior to 4.5.128, the /media-stream WebSocket endpoint in PraisonAI's call module accepts connections from any client without authentication or Twilio signature validation. Each connection opens an authenticated session to OpenAI's Realtime API using the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00149
Exploits 1 | References 1
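The PraisonAI entry names the missing control, Twilio signature validation, without showing it. Twilio signs every webhook and media-stream request it makes: the full request URL (scheme through query string), followed by any POST parameters sorted by name and appended as name then value with no delimiter, is HMAC-SHA1'd under the account auth token and the base64 digest is sent in the X-Twilio-Signature header; a WebSocket upgrade has no form body, so only the URL is covered. The following is an added example written for this page, not PraisonAI's code; it implements that scheme and gates a constructed /media-stream upgrade on it, so no upstream Realtime session is opened for a caller Twilio did not sign for. The token, hostname and CallSid values are constructed for the demonstration, and the default-port handling mirrors the tolerance Twilio's own helper libraries apply when a reverse proxy rewrites the URL.

```python
"""Twilio request-signature check for an inbound call / media-stream endpoint.

Added example; not PraisonAI's code. Twilio signs url + sorted(name+value of
POST params) with HMAC-SHA1 under the auth token and sends the base64 digest
in X-Twilio-Signature. Verify it before opening any upstream session.
"""
import base64
import hashlib
import hmac
from typing import Dict, List, Mapping, Optional
from urllib.parse import urlsplit, urlunsplit

DEFAULT_PORTS = {"http": 80, "https": 443, "ws": 80, "wss": 443}


def twilio_signature(auth_token: str, url: str,
                     params: Optional[Mapping[str, str]] = None) -> str:
    """Signature Twilio attaches to a request for `url` carrying these form params."""
    params = params or {}
    payload = url + "".join(name + params[name] for name in sorted(params))
    digest = hmac.new(auth_token.encode(), payload.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()


def _url_port_variants(url: str) -> List[str]:
    """The URL as the app saw it, plus the form with the default port added or
    removed: a proxy in front of the app may change which form Twilio signed."""
    parts = urlsplit(url)
    default = DEFAULT_PORTS.get(parts.scheme)
    host = parts.hostname or ""
    if ":" in host:
        host = f"[{host}]"
    variants = [url]
    if default is None:
        return variants
    if parts.port == default:
        alt_netloc = host
    elif parts.port is None:
        alt_netloc = f"{host}:{default}"
    else:
        return variants
    variants.append(urlunsplit((parts.scheme, alt_netloc, parts.path,
                                parts.query, parts.fragment)))
    return variants


def signature_is_valid(auth_token: str, url: str, params: Mapping[str, str],
                       header: Optional[str]) -> bool:
    """Constant-time comparison against every URL form Twilio could have signed."""
    if not header:
        return False  # unsigned requests are never Twilio's
    return any(hmac.compare_digest(twilio_signature(auth_token, u, params), header)
               for u in _url_port_variants(url))


def authorize_media_stream(auth_token: str, public_url: str,
                           headers: Mapping[str, str], form: Mapping[str, str]) -> bool:
    """Gate for the WebSocket upgrade: the upstream (OpenAI Realtime) session is
    created only after this returns True."""
    return signature_is_valid(auth_token, public_url, form,
                              headers.get("X-Twilio-Signature"))


# Constructed values for the offline demonstration (not a real token or call).
TOKEN = "0123456789abcdef0123456789abcdef"
STREAM_URL = "wss://voice.example.com/media-stream?CallSid=CA0000000000000000000000000000dead"


def demo() -> Dict[str, bool]:
    """Accept/reject outcome for four constructed upgrade requests."""
    signed = {"X-Twilio-Signature": twilio_signature(TOKEN, STREAM_URL)}
    return {
        "signed by twilio": authorize_media_stream(TOKEN, STREAM_URL, signed, {}),
        "no signature header": authorize_media_stream(TOKEN, STREAM_URL, {}, {}),
        "signature for a different call": authorize_media_stream(
            TOKEN, STREAM_URL.replace("dead", "beef"), signed, {}),
        "explicit :443 added by proxy": authorize_media_stream(
            TOKEN, STREAM_URL.replace("example.com/", "example.com:443/"), signed, {}),
    }


if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accept' if ok else 'reject'}")
```

The URL passed to the validator must be the public one Twilio was configured with (scheme, host and query as Twilio sees them), not the loopback address a TLS-terminating proxy hands the application; reconstructing it from X-Forwarded-Proto/Host is the usual source of false rejections. Signature validation authenticates the caller as Twilio; it does not by itself prevent a legitimate but unexpected call from consuming Realtime API time, so per-account rate and concurrency limits on the upstream session remain worthwhile.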
Github Security Blog
added 2026/04/14 3:30 p.m. | 4 views

OpenAI Codex CLI enables code execution through malicious MCP (Model Context Protocol) configuration files

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

CVSS 9.8 | AI score 6.4 | EPSS 0.00051
Exploits 1 | References 4 | Affected Software 1
EUVD
added 2026/04/14 3:30 p.m. | 6 views

EUVD-2025-209435

A vulnerability was identified in OpenAI Codex CLI v0.23.0 and before that enables code execution through malicious MCP (Model Context Protocol) configuration files. The attack is triggered when a user runs the codex command inside a malicious or compromised repository. Codex automatically loads...

AI score 6.5 | EPSS 0.00051
Exploits 1 | References 3