🛡️ NAIL Institute — AVE Database

← Back to Database

Structured Data Injection

🟠 HIGH injection proven AVE-2025-0092

· aka: JSON/XML Injection

Summary

Malicious instructions embedded within structured data fields (JSON, XML, CSV) that the agent parses and processes.

Blast Radius

Any agent processing structured data from untrusted sources.

Prerequisites

Agent that parses structured data as part of its workflow.

Environment

Frameworks: LangGraph, AutoGen
Models tested: [Available in NAIL SDK]
Multi-agent: No
Tools required: Yes
Memory required: No

Related

AVE-2025-0003