AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 910 results — Active exploitationMLflow: auth bypass exposes model artifacts across experiments
CVE-2026-33866 MLflow: stored XSS via MLmodel YAML artifact upload
CVE-2026-33865 HuggingFace Transformers: RCE via malicious checkpoint load
CVE-2026-1839 PraisonAI: path traversal exposes full filesystem via agent tools
CVE-2026-35615 PraisonAI: recipe registry path traversal file write
CVE-2026-39308 PraisonAI: recipe path traversal allows arbitrary file write
CVE-2026-39306 PraisonAI: path traversal enables arbitrary file write/RCE
CVE-2026-39305 PraisonAI: Zip Slip enables arbitrary file write / RCE
CVE-2026-39307 Claude Code: OS command injection, credential theft
CVE-2026-35022 Claude Code CLI: shell injection enables RCE
CVE-2026-35021 Claude Code CLI: OS command injection via TERMINAL env
CVE-2026-35020 KubeAI: RCE via shell injection in Ollama startup probe
CVE-2026-34940 Budibase: Unauthenticated RCE as root via webhook
CVE-2026-35216 mobile-mcp: intent injection enables device control via AI agent
CVE-2026-35394 BentoML: malicious bento archive RCE via Jinja2 SSTI
CVE-2026-35044 BentoML: cmd injection RCE on cloud build infra
CVE-2026-35043 LiteLLM: auth bypass allows RCE and full takeover
CVE-2026-35029 MLflow: auth bypass in job API enables unauthenticated RCE
CVE-2026-0545 praisonaiagents: SSRF leaks cloud IAM credentials
CVE-2026-34954 PraisonAI: sandbox escape via shell=True blocklist bypass
CVE-2026-34955 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial