AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604
AI/ML CVEs Tracked
225
Critical
79
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 910 results — Active exploitation Severity CVE ID Summary CVSS EPSS Package Date
MEDI E CVE-2026-33866 MLflow: auth bypass exposes model artifacts across experiments — 0.0% mlflow Apr 7 MEDI E CVE-2026-33865 MLflow: stored XSS via MLmodel YAML artifact upload — 0.0% mlflow Apr 7 MEDI E CVE-2026-1839 HuggingFace Transformers: RCE via malicious checkpoint load 6.5 0.0% transformers Apr 7 CRIT E CVE-2026-35615 PraisonAI: path traversal exposes full filesystem via agent tools — 0.1% PraisonAI Apr 6 HIGH E CVE-2026-39308 PraisonAI: recipe registry path traversal file write 7.1 0.1% PraisonAI Apr 6 HIGH E CVE-2026-39306 PraisonAI: recipe path traversal allows arbitrary file write 7.3 0.0% PraisonAI Apr 6 CRIT E CVE-2026-39305 PraisonAI: path traversal enables arbitrary file write/RCE 9.0 0.1% PraisonAI Apr 6 HIGH E CVE-2026-39307 PraisonAI: Zip Slip enables arbitrary file write / RCE 8.1 0.0% PraisonAI Apr 6 CRIT E CVE-2026-35022 Claude Code: OS command injection, credential theft 9.8 0.5% — Apr 6 HIGH E CVE-2026-35021 Claude Code CLI: shell injection enables RCE 7.8 0.0% — Apr 6 HIGH E CVE-2026-35020 Claude Code CLI: OS command injection via TERMINAL env 8.4 0.1% claude-code Apr 6 UNKN E CVE-2026-34940 KubeAI: RCE via shell injection in Ollama startup probe — 0.0% — Apr 6 CRIT E CVE-2026-35216 Budibase: Unauthenticated RCE as root via webhook 9.1 0.6% — Apr 4 HIGH E CVE-2026-35394 mobile-mcp: intent injection enables device control via AI agent 8.3 0.0% — Apr 4 HIGH E CVE-2026-35044 BentoML: malicious bento archive RCE via Jinja2 SSTI 8.8 0.0% bentoml Apr 3 HIGH E CVE-2026-35043 BentoML: cmd injection RCE on cloud build infra 7.8 0.0% bentoml Apr 3 UNKN E CVE-2026-35029 LiteLLM: auth bypass allows RCE and full takeover — 14.9% litellm Apr 3 CRIT E CVE-2026-0545 MLflow: auth bypass in job API enables unauthenticated RCE 9.1 5.5% mlflow Apr 3 HIGH E CVE-2026-34954 praisonaiagents: SSRF leaks cloud IAM credentials 8.6 0.0% praisonaiagents Apr 1 HIGH E CVE-2026-34955 PraisonAI: sandbox escape via shell=True blocklist bypass 8.8 0.0% praisonai Apr 1 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial