AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

aisecwatch.com

Real-time AI security monitoring. Tracking LLM vulnerabilities, privacy incidents, and safety research across 16+ sources.

Navigation

Vulnerabilities News Research Digest Archive Newsletter llms.txt

Maintained by

Truong (Jack) Luu

Information Systems Researcher

AI & LLM Vulnerabilities

Security vulnerabilities, privacy incidents, safety concerns, and policy updates affecting LLMs and AI agents.

Export CSV

2 items

GHSA-gf3v-fwqg-4vh7: @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

security

2/11/2026

The RecursiveUrlLoader class in @langchain/community is vulnerable to SSRF attacks due to insufficient URL validation. The preventOutside option used String.startsWith() for URL comparison, allowing attackers to bypass restrictions with domains sharing string prefixes (e.g., example.com.attacker.com), and the crawler had no validation against private/reserved IP addresses, enabling access to cloud metadata services and internal infrastructure.

Fix: Two changes were implemented: (1) The startsWith check was replaced with strict origin comparison using the URL API (new URL(link).origin === new URL(baseUrl).origin) to prevent subdomain-based bypasses. (2) A new URL validation module (@langchain/core/utils/ssrf) was added to block requests to cloud metadata endpoints (169.254.169.254, metadata.google.internal, etc.), private IP ranges (10.0.0.0/8, 172.16.0.0/12, 192.168.0.0/16, 127.0.0.0/8), IPv6 equivalents (::1, fc00::/7, fe80::/10), and non-HTTP/HTTPS schemes. As a workaround, users who cannot upgrade immediately should avoid using RecursiveUrlLoader on untrusted or user-influenced content, or run the crawler in a network environment without access to cloud metadata or internal services.

GitHub Advisory Database

Lack of isolation in agentic browsers resurfaces old vulnerabilities

security

1/13/2026

Browser-embedded AI agents lack proper isolation mechanisms, recreating decades-old vulnerabilities similar to XSS and CSRF. Multiple agentic browsers were exploited to perform attacks including false information dissemination and cross-site data leaks because AI agents have the same access to user data and credentials as the browser itself without adequate security boundaries.

Fix: The source provides both immediate mitigations and long-term architectural solutions, with the key recommendation being to extend the Same-Origin Policy to AI agents, building on proven principles that successfully secured the web. (Note: The text mentions that detailed mitigations are provided but the content is cut off before those specific mitigations are fully described.)

Trail of Bits Blog

2 items

GHSA-gf3v-fwqg-4vh7: @langchain/community affected by SSRF Bypass in RecursiveUrlLoader via insufficient URL origin validation

security

2/11/2026

GitHub Advisory Database

Lack of isolation in agentic browsers resurfaces old vulnerabilities

security

1/13/2026

Trail of Bits Blog