Dashboard Vulnerabilities News Research Archive Stats Dataset For devs

aisecwatch.com

Real-time AI security monitoring. Tracking AI-related vulnerabilities, safety and security incidents, privacy risks, research developments, and policy changes.

Navigation

Vulnerabilities News Research Digest Archive Newsletter Archive Subscribe Data Sources Statistics Dataset API Integrations Widget RSS Feed

Maintained by

Truong (Jack) Luu

Information Systems Researcher

Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise | AI Sec Watch

Vulnerability in MS-Agent AI Framework Can Allow Full System Compromise

highnews

security

Source: SecurityWeekMarch 3, 2026

Summary

A vulnerability in the MS-Agent AI Framework allows attackers to compromise an entire system by exploiting the Shell tool through improper input sanitization (failure to clean and validate user input). Attackers can use this flaw to modify system files and steal data.

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Affected Vendors

Microsoft

Related Issues

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

GHSA-w3hv-x4fp-6h6j: @grackle-ai/server has Missing WebSocket Origin Header Validation

Monthly digest — independent AI security research

Original source: https://www.securityweek.com/vulnerability-in-ms-agent-ai-framework-can-allow-full-system-compromise/

First tracked: March 3, 2026 at 07:00 AM

Classified by LLM (prompt v3) · confidence: 75%

availability

AI Component TargetedAgent

GitHub Advisory Database

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

Similar attackNVD/CVE Database

GHSA-5h3f-885m-v22w: OpenClaw: Existing WS sessions survive shared gateway token rotation

Similar attackGitHub Advisory Database

Tech Giants Invest $12.5 Million in Open Source Security

Same vendorSecurityWeek