Agentic / MCP
204 entries
Every Agentic / MCP entry VulnWatch has indexed, sorted by publication date.
Subscribe to this tag's RSS feed
CVE-2026-41495: n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.11, when n8n-mcp runs in HTTP transport mode, incoming requests...
gmaps-mcp's unauthenticated HTTP transport allows unlimited Google Maps API calls at operator expense
## Unauthenticated HTTP Transport Allows Unlimited Google Maps API Calls at Operator Expense The `gmaps-mcp` codebase was reviewed at commit `e671db68c804c9e67d51582d3280839ffa65f127` and three issue...
CVE-2026-44336: PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (prais
PraisonAI is a multi-agent teams system. Prior to version 4.6.34, PraisonAI's MCP (Model Context Protocol) server (praisonai mcp serve) registers four file-handling tools by default — praisonai.rules....
Vulnerability in Claude Extension for Chrome Exposes AI Agent to Takeover
Lax extension permissions and improper trust implementation allow attackers to inject prompts in the Claude Chrome extension. The post Vulnerability in Claude Extension for Chrome Exposes AI Agent to...
CVE-2026-42449: n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In ve
n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. In versions 2.47.4 through 2.47.13, the SDK embedder path (N8NDocumentationMCPServer...
Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Chain Attack
Attackers could inject prompts into a GitHub issue and take over the AI agent designed to automatically triage the issue. The post Gemini CLI Vulnerability Could Have Led to Code Execution, Supply Cha...
Vercel: Non-interactive mode includes CLI arguments in suggested command output
# Summary When the Vercel CLI runs in non-interactive mode (`--non-interactive` or auto-detected AI agent), commands that cannot complete autonomously emit JSON payloads with suggested follow-up comm...
rmcp Streamable HTTP server transport has a DNS rebinding vulnerability
## Summary Prior to version 1.4.0, the `rmcp` crate's Streamable HTTP server transport (`crates/rmcp/src/transport/streamable_http_server/`) did not validate the incoming `Host` header. This allowed...
Your AI Agents Are Already Inside the Perimeter. Do You Know What They're Doing?
Analysts recently confirmed what identity security teams have quietly feared: AI agents are being deployed faster than enterprises can govern them. In their inaugural Market Guide for Guardian Agents,...
ciguard: discover_pipeline_files follows symlinks out of scan root
## Summary The `discover_pipeline_files()` function in `src/ciguard/discovery.py` (introduced in v0.8.0 and used by the MCP `scan_repo` tool shipped in v0.8.1) walks a directory tree following symlin...
open-websearch has SSRF in `fetchWebContent` MCP tool: bracketed IPv6 literals and non-resolving hostname check bypass `isPrivateOrLocalHostname`
### Summary `src/utils/urlSafety.ts` exposes `isPublicHttpUrl` / `assertPublicHttpUrl`, used to gate the MCP `fetchWebContent` tool against private-network targets. The check has two defects that toge...
wireshark-mcp vulnerable to arbitrary file write via export_objects when WIRESHARK_MCP_ALLOWED_DIRS is not configured
## Description ### Impact `wireshark-mcp` exposes a `wireshark_export_objects` MCP tool that accepts an attacker-controlled `dest_dir` parameter and passes it to tshark's `--export-objects` flag wit...
LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution
### Summary The vulnerability was automatically discovered by an ai agent and then manually verified. LobeChat's message rendering mechanism has a stored cross-site scripting (XSS) vulnerability. Com...
CVE-2026-35228: Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The
Vulnerability in the Oracle MCP Server Helper Tool product of Oracle Open Source Projects (component: helper tool). The supported versions that is affected is 1.0.1-1.0.156. Easily exploitable vulnera...
CVE-2026-42080: PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary fi
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, there is an arbitrary file write vulnerability via `save_generated_slides`. This issue has been patched...
CVE-2026-42079: PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable t
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary code execution via Python eval() of LLM-generated code with builtins...
CVE-2026-42078: PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable t
PPTAgent is an agentic framework for reflective PowerPoint generation. Prior to commit 418491a, PPTAgent is vulnerable to arbitrary file write and directory creation via markdown_table_to_image. This...
CVE-2026-42077: Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerabilit
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a prototype pollution vulnerability in the mailbox store module allows attackers to modify the behavior of all Jav...
CVE-2026-42076: Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a command injection vulnerability in the _extractLLM() function allows attackers to execute arbitrary shell comman...
CVE-2026-42075: Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in
Evolver is a GEP-powered self-evolving engine for AI agents. Prior to version 1.69.3, a path traversal vulnerability in the skill download (fetch) command allows attackers to write files to arbitrary...
n8n Vulnerable to XSS via MCP OAuth client
## Impact An unauthenticated attacker could register a malicious MCP OAuth client with a crafted `client_name`. If a victim user authorized the OAuth consent dialog and a second user subsequently revo...
The Mythos Moment: Enterprises Must Fight Agents with Agents
Only with the right platform and an agentic, AI-driven defense, will enterprises be able to protect themselves in the agentic era. The post The Mythos Moment: Enterprises Must Fight Agents with Agents...
Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable
Agentic AI can be expensive to use, causing further and unpredictable pressure on tight budgets. The post Sevii Launches Cyber Swarm Defense to Make Agentic AI Security Costs Predictable appeared firs...
Microsoft Patches Entra ID Role Flaw That Enabled Service Principal Takeover
An administrative role meant for artificial intelligence (AI) agents within Microsoft Entra ID could enable privilege escalation and identity takeover attacks, according to new findings from Silverfor...
OpenClaw: Agent gateway config mutations could change protected operator settings
## Affected Packages / Versions - Package: `openclaw` (npm) - Affected versions: `< 2026.4.20` - Patched version: `2026.4.20` ## Impact The agent-facing `gateway config.patch` / `config.apply` guar...