AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 79
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
CRIT E | CVE-2026-41264 | Flowise: CSV Agent Prompt Injection Remote Code... | 9.8 | 0.3% | flowise-components | Apr 21
MEDI E | CVE-2026-6608 | A vulnerability was detected in lm-sys fastchat... | 5.3 | 0.0% | fschat | Apr 20
LOW E | CVE-2026-6600 | A flaw has been found in langflow-ai langflow up... | 3.5 | 0.0% | | Apr 20
MEDI E | CVE-2026-6599 | A vulnerability was detected in langflow-ai... | 6.3 | 0.0% | langflow | Apr 20
MEDI E | CVE-2026-6598 | A security vulnerability has been detected in... | 4.3 | 0.0% | langflow | Apr 20
LOW E | CVE-2026-6597 | A weakness has been identified in langflow-ai... | 2.7 | 0.0% | langflow | Apr 20
HIGH E | CVE-2026-6596 | A security flaw has been discovered in... | 7.3 | 0.1% | langflow-base | Apr 20
CRIT E | CVE-2026-40933 | Flowise: RCE via MCP stdio command injection | 9.9 | 0.0% | flowise-components | Apr 16
CRIT E | CVE-2025-61260 | OpenAI Codex CLI: RCE via malicious MCP config files | 9.8 | 0.1% | @openai/codex | Apr 14
HIGH E | CVE-2026-1462 | Keras: safe_mode bypass allows RCE via model deserialization | 8.8 | 0.1% | keras | Apr 13
MEDI E | CVE-2026-40190 | langsmith: prototype pollution enables auth bypass, RCE | 5.6 | 0.1% | langsmith | Apr 10
MEDI E | CVE-2026-40086 | rembg: path traversal exposes arbitrary files via HTTP API | 5.3 | 0.1% | rembg | Apr 10
HIGH E | CVE-2026-40114 | PraisonAI: unauthenticated SSRF via unvalidated webhook_url | 7.2 | 0.0% | PraisonAI | Apr 10
HIGH E | CVE-2026-40160 | praisonaiagents: SSRF in web_crawl exposes cloud metadata | | 0.0% | praisonaiagents | Apr 10
MEDI E | CVE-2026-40159 | PraisonAI: MCP env inheritance exposes API keys | 5.5 | 0.0% | PraisonAI | Apr 10
CRIT E | CVE-2026-40157 | PraisonAI: path traversal allows arbitrary file write via recipe unpack | | 0.1% | PraisonAI | Apr 10
HIGH E | CVE-2026-40156 | PraisonAI: auto tools.py load enables local RCE | 7.8 | 0.0% | praisonai | Apr 10
MEDI E | CVE-2026-40148 | PraisonAI: decompression bomb causes disk exhaustion | 6.5 | 0.0% | PraisonAI | Apr 10
CRIT E | CVE-2026-40154 | PraisonAI: supply chain RCE via unverified template exec | 9.3 | 0.0% | PraisonAI | Apr 10
HIGH E | CVE-2026-40158 | PraisonAI: AST sandbox bypass enables host RCE | 8.6 | 0.0% | PraisonAI | Apr 10
