AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 435 results — High severity, Active exploitationPraisonAI: auth bypass disables agent safety controls
CVE-2026-40149 LiteLLM: RCE via bytecode rewriting in guardrails API
CVE-2026-40217 PraisonAIAgents: SSRF exposes cloud metadata via web_crawl
CVE-2026-40150 PraisonAI: unauth WebSocket drains OpenAI API credits
CVE-2026-40116 PraisonAI: arg injection injects env vars into Cloud Run
CVE-2026-40113 praisonai: SSTI enables RCE via agent instructions
CVE-2026-39891 text-generation-webui: unauthenticated path traversal file read
CVE-2026-35485 PraisonAI: recipe registry path traversal file write
CVE-2026-39308 PraisonAI: recipe path traversal allows arbitrary file write
CVE-2026-39306 PraisonAI: Zip Slip enables arbitrary file write / RCE
CVE-2026-39307 Claude Code CLI: shell injection enables RCE
CVE-2026-35021 Claude Code CLI: OS command injection via TERMINAL env
CVE-2026-35020 mobile-mcp: intent injection enables device control via AI agent
CVE-2026-35394 BentoML: malicious bento archive RCE via Jinja2 SSTI
CVE-2026-35044 BentoML: cmd injection RCE on cloud build infra
CVE-2026-35043 praisonaiagents: SSRF leaks cloud IAM credentials
CVE-2026-34954 PraisonAI: sandbox escape via shell=True blocklist bypass
CVE-2026-34955 PraisonAI: SSRF via api_base steals cloud IAM credentials
CVE-2026-34936 PraisonAI: OS command injection via run_python() shell escape
CVE-2026-34937 Open WebUI: access control bypass leaks Tool Valve API keys
CVE-2026-34222 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial