AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 144 results — Active exploitation, has patchpraisonaiagents: SSRF leaks cloud IAM credentials
CVE-2026-34954 PraisonAI: sandbox escape via shell=True blocklist bypass
CVE-2026-34955 PraisonAI: SSRF via api_base steals cloud IAM credentials
CVE-2026-34936 PraisonAI: OS command injection via run_python() shell escape
CVE-2026-34937 praisonaiagents: sandbox bypass enables full host RCE
CVE-2026-34938 Open WebUI: access control bypass leaks Tool Valve API keys
CVE-2026-34222 ONNX: symlink traversal reads host files via model loading
CVE-2026-34447 ONNX: symlink path traversal allows arbitrary file read
CVE-2026-27489 MLflow: RCE via unsanitized model dependency specs
CVE-2025-15379 MLflow: path traversal enables sandbox escape, file overwrite
CVE-2025-15036 langchain-core: path traversal exposes host secrets via prompt config
CVE-2026-34070 Open WebUI: IDOR exposes AI memories and private files
CVE-2026-29071 open-webui: missing authz allows cross-KB file deletion
CVE-2026-29070 Open WebUI: BOLA enables RAG poisoning via file overwrite
CVE-2026-28788 Open WebUI: path traversal leaks server filesystem path
CVE-2026-28786 BentoML: command injection in bentofile.yaml containerize
CVE-2026-33744 langflow: Path Traversal enables file access
CVE-2026-33497 langflow: Path Traversal enables file access
CVE-2026-33309 mlflow: Path Traversal enables file access
CVE-2025-15031 mlflow: Code Injection enables RCE
CVE-2025-14287 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial