AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs tracked
225 critical
79 new this week
16 in CISA KEV

Latest AI Security Threats

Showing 20 of 1604 results. Each entry gives the CVE ID, severity, CVSS base score, the affected package with its patched version where the feed lists one, the CWE, and the unlabeled trailing number the feed shows for some entries.

CVE-2026-44897  MEDIUM 6.1  mistune, patch 3.2.1, CWE-79  463
  Mistune Heading ID Attribute has Injection XSS

CVE-2026-44708  MEDIUM 6.1  mistune, patch not listed, CWE-79  463
  Mistune Math Plugin has an XSS Escape Bypass

CVE-2026-44843  HIGH 8.2  langchain-core, patch 1.3.3, CWE-502  4.3K
  LangChain vulnerable to unsafe deserialization of attacker-controlled objects through overly broad `load()` allowlists

CVE-2026-44566  HIGH 7.3  open-webui, patch 0.1.124, CWE-22
  Open WebUI Vulnerable to Arbitrary File Upload and Path Traversal

CVE-2026-44567  HIGH 7.3  open-webui, patch 0.1.124, CWE-862
  Open WebUI has Improper Authorization Control

CVE-2026-44549  HIGH 7.3  open-webui, patch 0.8.0, CWE-79
  Open WebUI has stored XSS in Excel file preview

CVE-2026-44568  MEDIUM 4.8  open-webui, patch 0.9.0, CWE-79
  Open WebUI has Stored XSS in Pending User Overlay via Incorrect DOMPurify Application Order

CVE-2026-44211  CRITICAL 9.6  package not listed, CWE-306
  Cline Kanban Server has a Cross-Origin WebSocket Hijacking Vulnerability

CVE-2026-44209  HIGH 7.5  banks, patch 2.4.2, CWE-1336  154
  banks has Critical Remote Code Execution (RCE) via Jinja2 SSTI

CVE-2026-42282  MEDIUM 4.3  package not listed, CWE-532
  n8n-MCP is an MCP server that provides AI assistants access to n8n node documentation, properties, and operations. Prior to version 2.47.13, when n8n-mcp runs...

CVE-2026-44560  MEDIUM 6.5  open-webui, patch 0.9.0, CWE-862
  Open WebUI has Unauthorized File and Knowledge Base Content Access via RAG Vector Search

CVE-2026-44561  MEDIUM 5.4  open-webui, patch 0.9.0, CWE-284
  Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

CVE-2026-44564  MEDIUM 5.4  open-webui, patch 0.9.0, CWE-863
  Read-Only Open WebUI Users Can Modify Collaborative Documents via Socket.IO

CVE-2026-44563  MEDIUM 5.4  open-webui, patch 0.9.0, CWE-862
  Open WebUI's Ollama Model Access Control Bypass via /api/generate, /api/embed, /api/embeddings, and /api/show

CVE-2026-44562  MEDIUM 6.5  open-webui, patch 0.9.0, CWE-862
  Open WebUI's Model Import Overwrites Any Model Without Ownership Check

CVE-2026-44559  MEDIUM 4.3  open-webui, patch 0.9.0, CWE-862
  Open WebUI Missing Access Check on Channel Members Endpoint for Standard Channels

CVE-2026-44557  MEDIUM 4.3  open-webui, patch 0.9.0, CWE-200
  Open WebUI vulnerable to Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

CVE-2026-44554  HIGH 8.1  open-webui, patch 0.9.0, CWE-862
  Open WebUI has Knowledge Base Destruction and RAG Poisoning via Unauthorized Collection Overwrite

CVE-2026-44558  MEDIUM 5.4  open-webui, patch 0.9.0, CWE-863
  Open WebUI's Channel Access Grants Bypass filter_allowed_access_grants

CVE-2026-44556  HIGH 7.1  open-webui, patch 0.9.0, CWE-284
  Open WebUI's responses passthrough endpoint lacks access control authorization
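
A worked example of putting this list to use, added here and not part of the feed or of any listed project: the entries are transcribed from the feed above (a subset, without the trailing counters), the installed-version inventory is constructed for illustration, and `triage`, `upgrade_targets` and `parse_version` are names chosen for the example. It answers the question a practitioner asks of such a feed: which entries apply to what I run, what version closes all of them, and which ones have no fix to wait for.

```python
"""Triage feed entries against an installed inventory (added example)."""
from dataclasses import dataclass
from typing import Optional
import re


@dataclass(frozen=True)
class Entry:
    cve: str
    severity: str
    cvss: float
    package: Optional[str]   # None where the feed lists no package
    patch: Optional[str]     # patched version as listed; None where absent
    cwe: str


# Transcribed from the feed above (subset; trailing counters dropped).
FEED = [
    Entry("CVE-2026-44897", "MEDIUM", 6.1, "mistune", "3.2.1", "CWE-79"),
    Entry("CVE-2026-44708", "MEDIUM", 6.1, "mistune", None, "CWE-79"),
    Entry("CVE-2026-44843", "HIGH", 8.2, "langchain-core", "1.3.3", "CWE-502"),
    Entry("CVE-2026-44566", "HIGH", 7.3, "open-webui", "0.1.124", "CWE-22"),
    Entry("CVE-2026-44567", "HIGH", 7.3, "open-webui", "0.1.124", "CWE-862"),
    Entry("CVE-2026-44549", "HIGH", 7.3, "open-webui", "0.8.0", "CWE-79"),
    Entry("CVE-2026-44568", "MEDIUM", 4.8, "open-webui", "0.9.0", "CWE-79"),
    Entry("CVE-2026-44211", "CRITICAL", 9.6, None, None, "CWE-306"),
    Entry("CVE-2026-44209", "HIGH", 7.5, "banks", "2.4.2", "CWE-1336"),
    Entry("CVE-2026-44560", "MEDIUM", 6.5, "open-webui", "0.9.0", "CWE-862"),
    Entry("CVE-2026-44554", "HIGH", 8.1, "open-webui", "0.9.0", "CWE-862"),
    Entry("CVE-2026-44556", "HIGH", 7.1, "open-webui", "0.9.0", "CWE-284"),
]

# Constructed inventory (package -> installed version), not a real deployment.
INVENTORY = {
    "open-webui": "0.8.5",
    "langchain-core": "1.3.3",
    "mistune": "3.1.0",
    "banks": "2.4.2",
}


def parse_version(v: str) -> tuple:
    """Dotted numeric version -> comparable tuple. A non-numeric tail such as
    '0rc1' is cut off, so a pre-release compares as its base version."""
    parts = []
    for piece in v.split("."):
        m = re.match(r"\d+", piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts)


def is_affected(installed: str, patch: str) -> bool:
    """Heuristic: the feed gives only the patched version, not the version
    that introduced the bug, so 'older than the patch' over-approximates and
    each hit should be confirmed against the advisory's affected range."""
    return parse_version(installed) < parse_version(patch)


def triage(feed, inventory):
    affected, no_fix_listed = [], []
    for e in feed:
        if e.package not in inventory:
            continue  # also skips entries with no package listed
        if e.patch is None:
            no_fix_listed.append(e)
        elif is_affected(inventory[e.package], e.patch):
            affected.append(e)
    affected.sort(key=lambda e: e.cvss, reverse=True)
    return {"affected": affected, "no_fix_listed": no_fix_listed}


def upgrade_targets(affected):
    """Per package, the highest patched version among the hits; upgrading to
    it closes every listed finding for that package at once."""
    targets = {}
    for e in affected:
        cur = targets.get(e.package)
        if cur is None or parse_version(e.patch) > parse_version(cur):
            targets[e.package] = e.patch
    return targets


if __name__ == "__main__":
    result = triage(FEED, INVENTORY)
    for e in result["affected"]:
        print(f"{e.cve} {e.severity:8} {e.cvss:>4} {e.package} -> {e.patch} ({e.cwe})")
    for e in result["no_fix_listed"]:
        print(f"{e.cve} {e.package}: no patched version listed, track upstream")
    print("upgrade targets:", upgrade_targets(result["affected"]))
```

With the constructed inventory, open-webui 0.8.5 already clears the 0.1.124 and 0.8.0 entries but not the 0.9.0 ones, so the single upgrade target for that package is 0.9.0; langchain-core and banks sit exactly at their patched versions and produce no hits; mistune shows one fixable hit and one entry with no patched version to act on yet. Treat the result as a floor: a version older than the listed patch is not necessarily inside the advisory's affected range.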
