AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 766 results — Active exploitation, no patchA vulnerability was detected in langflow-ai langflow up to 1.8.3. The impacted element is the function get_client_ip/install_mcp_config of the file...
CVE-2026-6599 A weakness has been identified in langflow-ai langflow up to 1.8.3. Impacted is the function remove_api_keys/has_api_terms of the file...
CVE-2026-6597 OpenAI Codex CLI: RCE via malicious MCP config files
CVE-2025-61260 LiteLLM: RCE via bytecode rewriting in guardrails API
CVE-2026-40217 PraisonAI: unauth WebSocket drains OpenAI API credits
CVE-2026-40116 PraisonAI: arg injection injects env vars into Cloud Run
CVE-2026-40113 PraisonAI: XSS via no-op HTML sanitizer in agent output
CVE-2026-40112 openai-realtime-ui: SSRF in API proxy endpoint
CVE-2026-5803 lollms: sessions persist after password reset
CVE-2026-1163 text-generation-webui: unauthenticated path traversal file read
CVE-2026-35485 MLflow: auth bypass exposes model artifacts across experiments
CVE-2026-33866 Claude Code: OS command injection, credential theft
CVE-2026-35022 Claude Code CLI: shell injection enables RCE
CVE-2026-35021 Claude Code CLI: OS command injection via TERMINAL env
CVE-2026-35020 KubeAI: RCE via shell injection in Ollama startup probe
CVE-2026-34940 Budibase: Unauthenticated RCE as root via webhook
CVE-2026-35216 mobile-mcp: intent injection enables device control via AI agent
CVE-2026-35394 MLflow: auth bypass in job API enables unauthenticated RCE
CVE-2026-0545 MLflow: command injection via model_uri in mlserver mode
CVE-2026-0596 awesome-llm-apps MCP Agent: cross-session credential theft
CVE-2026-29872 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial