CVE-2026-42074 OpenClaude: Sandbox Bypass via Model-Controlled `dangerouslyDisableSandbox` Input

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM an untrusted principal per the project's own threat model can set ...

EUVD-2026-33972

OpenClaude is an open-source coding-agent command line interface for cloud and local model providers. Prior to version 0.5.1, the dangerouslyDisableSandbox parameter is exposed as part of the BashTool input schema, meaning the LLM an untrusted principal per the project's own threat model can set ...

CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

EUVD-2026-33830

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

CVE-2026-25879

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

CVE-2026-25879 Langroid has Prompt to SQL Injection, Leading to RCE

Langroid is a framework for building large-language-model-powered applications. Prior to version 0.63.0, SQLChatAgent executes SQL produced by an LLM, which is influenceable by prompt injection. When configured with a database role that has privileges enabling code execution or filesystem access...

CVE-2026-25879

Langroid's CVE-2026-25879 affects the Langroid framework (SQLChatAgent) prior to v0.63.0. An attacker who can shape input to the agent can cause LLM-provided SQL to execute dialect-specific primitives such as COPY ... FROM PROGRAM, enabling Remote Code Execution on the database host when the data...

AgentRedBench: Dynamic Redteaming and Integration-Aware Defense for LLM Agents over SaaS Integrations

Indirect prompt injection in tool-use agents is a concrete production threat: LLM agents read from integrations third-party services such as Gmail, Salesforce, or Jira accessed through tool calls whose response content the user neither writes nor controls. Existing benchmarks under-measure the...

Langroid code injection vulnerability

Langroid is an open-source tool developed using multi-agent programming for LLM tasks. Versions of Langroid prior to 0.63.0 contained a code injection vulnerability. This vulnerability stemmed from SQLChatAgent executing SQL statements generated by the LLM. It could be exploited via prompt...

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence AI assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhi...

From Prompt Injection to Persistent Control: Defending Agentic Harness against Trojan Backdoors

LLM agents are evolving from conversational chatbots to operational tools in real-world workspaces. In local agentic harnesses, an LLM can read and write files, call tools, and reuse workspace state across sessions. While such capabilities enhance utility, they also expose a new attack surface fo...

CVE-2026-45374 CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the taskcreate tool spawns durable sub-agents that inherit two insecure defaults, allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue and autoapprove defaults to true taskmanager.rs:297: autoapprove:...

CVE-2026-45374

CVE-2026-45374 affects CodeWhale’s DeepSeek+MiMo task_create flow. Before version 0.8.26, sub-agents inherit two insecure defaults: allow_shell = true and auto_approve = true, enabling unrestricted, unapproved shell access after user approval of a task_create prompt. This can lead to remote comma...

CVE-2026-45374 CodeWhale: task_create Insecure Defaults Enable RCE via Prompt Injection in Project Files

CodeWhale is a DeepSeek + MiMo coding agent in terminal. Prior to 0.8.26, the taskcreate tool spawns durable sub-agents that inherit two insecure defaults, allowshell defaults to true config.rs:1499: self.allowshell.unwraportrue and autoapprove defaults to true taskmanager.rs:297: autoapprove:...

Automatically Attacking Software Reverse Engineering AI Agents

Software tools for reverse engineering executable binary files, such as Ghidra, enable malware analysts to safely conduct robust static analysis without having access to original source code. Coupled with the analytic power of large language models LLM, agentic systems enabled with tools, such as...

Strengthening Polymorphic Prompt Assembling: Dynamic Separator Generation against Emerging Prompt Injection Attacks

Polymorphic Prompt Assembling PPA defends LLM agents against prompt injections by randomly selecting separator pairs from a fixed pool to isolate user input from system instructions. Although effective, static pool reuse exposes a blast-radius vulnerability: once a separator leaks, it can be...

Investigating Detection and Obfuscation of Prompt Injection Attacks against Software Reverse Engineering AI Agents

Agentic software reverse engineering systems are vulnerable to prompt injection attacks placed into the source code of executable binary files. This research demonstrates defensive tactics for detecting the presences of prompt injection strings in the decompiler output of adversarial example...

The Surface You Test Is Not the Surface That Breaks

Tool-augmented LLM agents are vulnerable to prompt injection: a third party who controls part of the agent's context can plant instructions that the agent then executes as if they came from the user. Current evaluations report a single attack success rate per model on one channel, the tool output...

GHSA-MXFR-6HCW-J9RQ Langroid has Prompt to SQL Injection, Leading to RCE

Security Vulnerability Report: Prompt to SQL Injection leading to RCE in latest Langroid Affected Scope langroid @localhost:5432/postgres" Create SQL Chat Agent config = SQLChatAgentConfig databaseuri=DATABASEURI, llm=OpenAIGPTConfig apibase=os.getenv"bas...