Lucene search
K

71 matches found

NVD
NVD
added 4 days ago6 views

CVE-2026-14898

The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...

6.5CVSS0.00221EPSS
Exploits0References1
CVE
CVE
added 4 days ago10 views

CVE-2026-14898

The CVE affects the OpenAI Codex desktop app for macOS, where rendering remote images from Markdown in model responses can exfiltrate data. An indirect prompt injection in content (e.g., from connected tools or untrusted sources) could cause the model to construct a remote image URL containing se...

6.5CVSS6.1AI score0.00221EPSS
Exploits0References1
NVD
NVD
added last week7 views

CVE-2026-13341

A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...

7.4CVSS0.00258EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.11 views

PT-2026-55525

Name of the Vulnerable Software and Affected Versions Kong Konnect MCP server versions prior to 1.0.0 Description An issue exists where the server fails to properly validate content returned to the Large Language Model LLM. This allows a remote attacker to perform an indirect prompt injection by...

7.4CVSS6.1AI score0.00258EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2026/06/20 12:0 a.m.6 views

Linux Distros Unpatched Vulnerability : CVE-2026-44688

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing...

8.8CVSS6.1AI score0.00272EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/06/18 6:35 p.m.12 views

[Eclipse Theia] Indirect Prompt Injection via Adversarial Workspace File and Directory Names in AI Chat

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.8CVSS6.1AI score0.00272EPSS
Exploits0References6Affected Software7
EUVD
EUVD
added 2026/06/18 2:26 p.m.9 views

EUVD-2026-37899

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the...

8.4CVSS5.6AI score0.00272EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/18 2:22 p.m.20 views

CVE-2026-44688

In Eclipse Theia versions prior to 1.71.0, the AI chat agent processed workspace file and directory names as part of its prompt context without distinguishing them from system instructions. An attacker could craft a malicious repository with adversarial directory or file names that, when analyzed...

8.4CVSS0.00272EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.19 views

PT-2026-50689

Name of the Vulnerable Software and Affected Versions Eclipse Theia versions prior to 1.71.0 Description The AI chat agent processes workspace file and directory names as part of its prompt context without distinguishing them from system instructions. This allows for indirect prompt injection,...

8.8CVSS6.1AI score0.00272EPSS
Exploits0References10
Packet Storm News
Packet Storm News
added 2026/06/06 12:0 a.m.10 views

Hiding in Plain Floats: Steganographic Carriers for Indirect Prompt and Content Injection

Text-centered prompt-injection defenses assume that the malicious signal is visible in one of the inspected text views. We study a reproducible LLM01-style indirect prompt/content-injection failure mode where that assumption breaks: a payload caught in plain English slips past the same detector...

5.5AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/06/01 12:0 a.m.10 views

AgentRedBench: Dynamic Redteaming and Integration-Aware Defense for LLM Agents over SaaS Integrations

Indirect prompt injection in tool-use agents is a concrete production threat: LLM agents read from integrations third-party services such as Gmail, Salesforce, or Jira accessed through tool calls whose response content the user neither writes nor controls. Existing benchmarks under-measure the...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/05/12 12:0 a.m.19 views

IPI-Proxy: An Intercepting Proxy for Red-Teaming Web-Browsing AI Agents against Indirect Prompt Injection

Web-browsing AI agents are increasingly deployed in enterprise settings under strict whitelists of approved domains, yet adversaries can still influence them by embedding hidden instructions in the HTML pages those domains serve. Existing red-teaming resources fall short of this scenario:...

5.8AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/29 12:0 a.m.27 views

Indirect Prompt Injection in the Wild: An Empirical Study of Prevalence, Techniques, and Objectives

As LLMs are increasingly integrated into systems that browse, retrieve, summarize, and act on web content, webpages have become an untrusted input vector for downstream model behavior. This enables site owners, contributors, and adversaries to embed instructions directly in web resources, i.e.,...

5.7AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/28 12:0 a.m.11 views

Logic-to-Code Execution via Indirect Prompt Injection

This document explores a critical architectural vulnerability in Large Language Model LLM implementations, specifically within Command Line Interface CLI tools and automated agentic workflows. The research demonstrates how the absence of separation between the control plane instructions and the...

6.3AI score
Exploits0
HackRead
HackRead
added 2026/04/23 10:20 a.m.9 views

Hackers Use Hidden Website Instructions in New Attacks on AI Assistants

Cybersecurity researchers at Forcepoint uncover new indirect prompt injection attacks that use hidden website code to exploit AI assistants like GitHub Copilot...

5.8AI score
Exploits0
HackRead
HackRead
added 2026/04/07 3:55 p.m.10 views

GrafanaGhost Vulnerability Allows Data Theft via AI Injection

GrafanaGhost is a critical vulnerability in Grafana’s AI components that uses indirect prompt injection and protocol-relative URL bypasses to exfiltrate data...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/04/04 12:0 a.m.3 views

Your Agent Is More Brittle Than You Think: Uncovering Indirect Injection Vulnerabilities in Agentic LLMs

The rapid deployment of open-source frameworks has significantly advanced the development of modern multi-agent systems. However, expanded action spaces, including uncontrolled privilege exposure and hidden inter-system interactions, pose severe security challenges. Specifically, Indirect Prompt...

5.9AI score
Exploits0
Packet Storm News
Packet Storm News
added 2026/03/31 12:0 a.m.2 views

Architecting Secure AI Agents: Perspectives on System-Level Defenses against Indirect Prompt Injection Attacks

AI agents, predominantly powered by large language models LLMs, are vulnerable to indirect prompt injection, in which malicious instructions embedded in untrusted data can trigger dangerous agent actions. This position paper discusses our vision for system-level defenses against indirect prompt...

5.9AI score
Exploits0
NVD
NVD
added 2026/03/27 8:16 p.m.4 views

CVE-2026-33654

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

9.8CVSS0.00489EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 7:43 p.m.3 views

CVE-2026-33654 Zero-Click Indirect Prompt Injection and Authentication Bypass via Email Polling

nanobot is a personal AI assistant. Prior to version 0.1.6, an indirect prompt injection vulnerability exists in the email channel processing module nanobot/channels/email.py, allowing a remote, unauthenticated attacker to execute arbitrary LLM instructions and subsequently, system tools without...

9.3CVSS6.1AI score0.00489EPSS
Exploits1References3
Rows per page
Query Builder