{"data":{"id":"3af1c16c-91b0-4481-82ad-42da12214d72","title":"Microsoft says web-enabled AI agents can trigger host-level RCE","summary":"Microsoft discovered a security vulnerability called \"AutoJack\" that allows a malicious webpage to trick an AI agent (a program that can browse the web and access local services) into running attacker-chosen code on the user's computer. The attack chains three separate weaknesses in AutoGen Studio (Microsoft's tool for building AI agents) and exploits the fact that a web-browsing agent sits inside the user's trust boundary: it can reach local services that are normally unreachable from the open web, so a page that hijacks the agent through prompt injection inherits that access (a confused-deputy pattern).","solution":"For users installing AutoGen Studio from source, the maintainers removed the URL-based parameter injection path, routed MCP paths through the normal authentication flow, and moved parameter handling server-side, keyed to session identifiers; anyone running a from-source or development build should update to a revision that includes these changes. Users who installed AutoGen Studio through PyPI were never exposed to this vulnerability, as the vulnerable code existed only in development builds and was never shipped in a public release.","labels":["security"],"sourceUrl":"https://www.csoonline.com/article/4187155/microsoft-says-web-enabled-ai-agents-can-trigger-host-level-rce.html","publishedAt":"2026-06-19T08:41:49.000Z","cveId":null,"cweIds":null,"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["prompt_injection"],"issueType":"news","affectedPackages":null,"affectedVendors":["Microsoft"],"affectedVendorsRaw":["Microsoft","AutoGen Studio"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":null,"epssScore":null,"patchAvailable":null,"disclosureDate":"2026-06-19T08:41:49.000Z","capecIds":null,"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}