965 matches found
CVE-2026-55615
Langroid CVE-2026-55615 affects the Neo4jChatAgent path, where LLM-generated Cypher queries are sent unvalidated to the Neo4j driver prior to version 0.65.5. Connected docs describe a prompt-injection risk enabling read/write/destroy of graph data and, with APOC or dbms.security, potential OS com...
CVE-2026-59807
CVE-2026-59807 affects Composio SDK prior to 0.2.32-beta.283. A path validation bypass in readFileFromDisk (tool-file-uploads.ts) can enable an attacker to read and exfiltrate sensitive files by manipulating file_uploadable parameters via prompt injection, referencing sensitive paths such as SSH ...
CVE-2026-59807 Composio SDK < 0.2.32-beta.283 - Sensitive File Upload via tool-file-uploads.ts
Composio SDK before 0.2.32-beta.283 contains a path validation bypass vulnerability that allows attackers to read and exfiltrate sensitive files by exploiting a missing assertSafeFileUploadPath check in the readFileFromDisk function within tool-file-uploads.ts. Attackers can exploit prompt...
New HalluSquatting Attack Could Trick AI Coding Assistants Into Installing Botnet Malware
AI coding assistants have a habit of making things up. Ask one to fetch a popular tool, and it will sometimes hand back a real-sounding name for a project that does not exist. New research, which its authors call HalluSquatting , turns that habit into an attack: work out the fake names an AI...
Langroid: Neo4jChatAgent executes LLM-generated Cypher without validation (prompt-to-Cypher injection; config-conditional RCE), mirroring the SQLChatAgent bug fixed in CVE-2026-25879
Neo4jChatAgent passes LLM-generated Cypher queries straight to the Neo4j driver with no validation, no statement-type allowlist, and no opt-out gate. The query text is influenceable by prompt injection direct user input or indirect content the agent reads back via RAG, so an attacker who can...
Langroid: Sandbox Escape to Remote Code Execution via Incomplete `eval()` Mitigation in TableChatAgent
Advisory Details Title: Sandbox Escape to Remote Code Execution via Incomplete eval Mitigation in TableChatAgent Description: Summary Langroid is vulnerable to a critical Sandbox Escape leading to Remote Code Execution RCE in its TableChatAgent and VectorStore capabilities. When these agents...
CVE-2026-14898
The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...
CVE-2026-55514
vLLM is a library for LLM inference and serving. From 0.12.0 to before 0.24.0, sending a pure prompt embeds payload in a /v1/completions request with a model using M-RoPE causes EngineCore to fail an assertion and fatally crash, shutting down the entire server application. Any remote user who is...
CVE-2026-14898
The CVE affects the OpenAI Codex desktop app for macOS, where rendering remote images from Markdown in model responses can exfiltrate data. An indirect prompt injection in content (e.g., from connected tools or untrusted sources) could cause the model to construct a remote image URL containing se...
CVE-2026-14898
The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...
EUVD-2026-41915
The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...
CVE-2026-14898
The OpenAI Codex desktop app for macOS rendered remote images from Markdown in model responses. An attacker who could place an indirect prompt injection in content processed by Codex, such as a connected-tool result or another untrusted source, could induce the model to construct a remote image U...
PT-2026-55971
Name of the Vulnerable Software and Affected Versions OpenAI Codex for macOS affected versions not specified Description The desktop application renders remote images from Markdown within model responses. An attacker can use indirect prompt injection—a technique where malicious instructions are...
PT-2026-56085
Name of the Vulnerable Software and Affected Versions Langroid versions prior to 0.65.5 Description Neo4jChatAgent passes LLM-generated Cypher queries directly to the Neo4j driver without validation, a statement-type allowlist, or an opt-out gate. Because the query text can be influenced by promp...
CVE-2026-13341
A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...
EUVD-2026-41530
A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...
CVE-2026-13341
A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...
CVE-2026-13341 Prompt Injection and Credential Exposure via Untrusted Analytics Data in Kong Konnect MCP
A vulnerability exists in the Kong Konnect Model Context Protocol MCP server prior to version 1.0.0, which could allow a remote attacker to perform an indirect prompt injection attack and execute unintended API requests...
CVE-2026-13341
Kong Konnect MCP server (before 1.0.0) is affected. A remote attacker could perform an indirect prompt injection and cause unintended API requests due to the MCP component. Impact aligns with high-severity potential exposure (CVSS 7.4); exploit details are not provided in the sources. Remediation...
PT-2026-55525
Name of the Vulnerable Software and Affected Versions Kong Konnect MCP server versions prior to 1.0.0 Description An issue exists where the server fails to properly validate content returned to the Large Language Model LLM. This allows a remote attacker to perform an indirect prompt injection by...