AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 79
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 910 results — Active exploitation
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI E | CVE-2026-40152 | praisonaiagents: glob traversal leaks filesystem metadata | 5.3 | 0.0% | praisonaiagents | Apr 10 |
| HIGH E | CVE-2026-40153 | praisonaiagents: env var expansion exposes production secrets | 7.4 | 0.0% | praisonaiagents | Apr 10 |
| MEDI E | CVE-2026-40151 | PraisonAI: unauthenticated agent config and system prompt disclosure | 5.3 | 0.0% | PraisonAI | Apr 10 |
| HIGH E | CVE-2026-40149 | PraisonAI: auth bypass disables agent safety controls | 7.9 | 0.0% | PraisonAI | Apr 10 |
| MEDI E | CVE-2026-40115 | PraisonAI: unbounded body read enables local DoS | 6.2 | 0.1% | PraisonAI | Apr 10 |
| HIGH E | CVE-2026-40217 | LiteLLM: RCE via bytecode rewriting in guardrails API | 8.8 | 0.2% | litellm | Apr 10 |
| CRIT E | CVE-2026-1115 | lollms: Stored XSS enables wormable account takeover | 9.6 | 0.0% | lollms | Apr 10 |
| MEDI E | CVE-2026-6011 | OpenClaw: SSRF via web-fetch enables internal network pivot | 5.6 | 0.1% | openclaw | Apr 10 |
| HIGH E | CVE-2026-40150 | PraisonAIAgents: SSRF exposes cloud metadata via web_crawl | 7.7 | 0.0% | praisonaiagents | Apr 9 |
| MEDI E | CVE-2026-40117 | PraisonAI: arbitrary file read via unguarded skill tool | 6.2 | 0.0% | praisonaiagents | Apr 9 |
| HIGH E | CVE-2026-40116 | PraisonAI: unauth WebSocket drains OpenAI API credits | 7.5 | 0.1% | praisonai | Apr 9 |
| HIGH E | CVE-2026-40113 | PraisonAI: arg injection injects env vars into Cloud Run | 8.4 | 0.0% | praisonai | Apr 9 |
| MEDI E | CVE-2026-40112 | PraisonAI: XSS via no-op HTML sanitizer in agent output | 5.4 | 0.0% | praisonai | Apr 9 |
| CRIT E | CVE-2026-40111 | PraisonAI: RCE via shell injection in memory hooks executor | | 0.0% | praisonaiagents | Apr 9 |
| MEDI E | CVE-2026-5803 | openai-realtime-ui: SSRF in API proxy endpoint | 6.3 | 0.0% | | Apr 8 |
| HIGH E | CVE-2026-39891 | praisonai: SSTI enables RCE via agent instructions | 8.8 | 0.0% | praisonai | Apr 8 |
| CRIT E | CVE-2026-39890 | PraisonAI: YAML deserialization enables unauthenticated RCE | 9.8 | 0.5% | praisonai | Apr 8 |
| MEDI E | CVE-2026-39411 | LobeChat: auth bypass via forged XOR obfuscated header | 5.0 | 0.0% | @lobehub/lobehub | Apr 8 |
| MEDI E | CVE-2026-1163 | lollms: sessions persist after password reset | 4.1 | 0.0% | lollms | Apr 8 |
| HIGH E | CVE-2026-35485 | text-generation-webui: unauthenticated path traversal file read | 7.5 | 0.4% | gradio | Apr 7 |
