AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 144 results — Active exploitation, has patch
HIGH EXPLOIT AVAIL

Flowise: SSRF via HTTP Node exposes internal network

CVE-2026-31829
8.8
EPSS 0.1%
Data Extraction Auth Bypass Agent Framework
flowise-components Patch: 3.0.13 CWE-918 4 ATLAS
CRITICAL EXPLOIT AVAIL

mcp-atlassian: Path Traversal enables file access

CVE-2026-27825
9.1
EPSS 0.0%
Code Execution Prompt Injection Supply Chain Agent Plugin Framework
mcp-atlassian Patch: 0.17.0 CWE-22 6 ATLAS
HIGH EXPLOIT AVAIL

mcp-atlassian: SSRF allows internal network access

CVE-2026-27826
8.2
EPSS 0.1%
Auth Bypass Prompt Injection Data Extraction Agent Plugin API
mcp-atlassian Patch: 0.17.0 CWE-918 7 ATLAS
MEDIUM EXPLOIT AVAIL

ray: Missing Auth allows unauthenticated access

CVE-2026-27482
5.9
EPSS 0.1%
Auth Bypass DoS Framework Inference
ray Patch: 2.54.0 CWE-306 845 4 ATLAS
HIGH EXPLOIT AVAIL

pydantic-ai: SSRF allows internal network access

CVE-2026-25580
8.6
EPSS 0.0%
Data Extraction Auth Bypass Framework Agent API
pydantic-ai-slim Patch: 1.56.0 CWE-918 414 6 ATLAS
MEDIUM EXPLOIT AVAIL

llama-index-core: DoS causes service disruption

CVE-2025-6208
5.3
EPSS 0.0%
DoS Framework RAG
llama-index-core Patch: 0.12.41 CWE-400 1.1K 4 ATLAS
HIGH EXPLOIT AVAIL

lollms: Access Control bypass enables privilege escalation

CVE-2026-1117
8.2
EPSS 0.1%
Auth Bypass DoS API Inference Framework
lollms Patch: 2.1.0 CWE-284 4 ATLAS
HIGH EXPLOIT AVAIL

mlflow: security flaw enables exploitation

CVE-2025-10279
7.0
EPSS 0.0%
Code Execution Supply Chain Framework Training Data
mlflow Patch: 3.4.0rc0 CWE-379 624 4 ATLAS
HIGH EXPLOIT AVAIL

chainlit: SSRF allows internal network access

CVE-2026-22219
7.7
EPSS 0.0%
Data Extraction Privacy Violation Framework API
chainlit Patch: 2.9.4 CWE-918 39 5 ATLAS
HIGH EXPLOIT AVAIL

fickling: Deserialization enables RCE

CVE-2026-22612
--
EPSS 0.1%
Supply Chain Code Execution Auth Bypass Framework Model Training Data
fickling Patch: 0.1.7 CWE-502 57 5 ATLAS
HIGH EXPLOIT AVAIL

fickling: Allowlist Bypass evades input filtering

CVE-2026-22609
--
EPSS 0.1%
Code Execution Supply Chain Auth Bypass Framework Model
fickling Patch: 0.1.7 CWE-184 57 5 ATLAS
HIGH EXPLOIT AVAIL

fickling: Allowlist Bypass evades input filtering

CVE-2026-22608
--
EPSS 0.0%
Supply Chain Code Execution Auth Bypass Framework Model
fickling Patch: 0.1.7 CWE-184 57 5 ATLAS
HIGH EXPLOIT AVAIL

fickling: Allowlist Bypass evades input filtering

CVE-2026-22607
--
EPSS 0.1%
Code Execution Supply Chain Auth Bypass Framework Model Inference
fickling Patch: 0.1.7 CWE-184 57 6 ATLAS
HIGH EXPLOIT AVAIL

fickling: Allowlist Bypass evades input filtering

CVE-2026-22606
--
EPSS 0.1%
Supply Chain Code Execution Framework Model
fickling Patch: 0.1.7 CWE-184 57 5 ATLAS
MEDIUM EXPLOIT AVAIL

monai: Path Traversal enables file access

CVE-2026-21851
5.3
EPSS 0.0%
Supply Chain Code Execution Framework
monai Patch: 1.5.2 CWE-22 105 4 ATLAS
HIGH EXPLOIT AVAIL

fickling: Code Injection enables RCE

CVE-2025-67748
--
EPSS 0.0%
Supply Chain Code Execution Framework Model
fickling Patch: 0.1.6 CWE-94 57 5 ATLAS
HIGH EXPLOIT AVAIL

fickling: Allowlist Bypass evades input filtering

CVE-2025-67747
--
EPSS 0.1%
Supply Chain Code Execution Framework Model
fickling Patch: 0.1.6 CWE-184 57 5 ATLAS
HIGH EXPLOIT AVAIL

open-webui: SSRF allows internal network access

CVE-2025-65958
8.5
EPSS 0.1%
Data Extraction Data Leakage Code Execution API RAG
open-webui Patch: 0.6.37 CWE-918 6 ATLAS
CRITICAL KEV

ray: Code Injection enables RCE

CVE-2025-62593
--
EPSS 0.0%
Code Execution Auth Bypass Social Engineering Framework
ray Patch: 2.52.0 CWE-94 845 8 ATLAS
HIGH EXPLOIT AVAIL

open-webui: Code Injection enables RCE

CVE-2025-64496
7.3
EPSS 0.1%
Code Execution Auth Bypass Social Engineering Inference API Plugin
open-webui Patch: 0.6.35 CWE-95 9 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial