AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 79
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 131 results — Critical severity, Active exploitation, no patch
CRITICAL EXPLOIT AVAIL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass...

CVE-2026-41276
9.8
EPSS 0.2%
flowise CWE-287
CRITICAL EXPLOIT AVAIL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated...

CVE-2026-41268
9.8
EPSS 0.7%
flowise
CRITICAL EXPLOIT AVAIL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection)...

CVE-2026-41267
9.8
EPSS 0.3%
flowise CWE-639
CRITICAL EXPLOIT AVAIL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the...

CVE-2026-41265
9.8
EPSS 0.2%
flowise
CRITICAL EXPLOIT AVAIL

OpenAI Codex CLI: RCE via malicious MCP config files

CVE-2025-61260
9.8
EPSS 0.1%
Code Execution Supply Chain Agent Plugin
@openai/codex CWE-94 3.5K 5 ATLAS
CRITICAL EXPLOIT AVAIL

Claude Code: OS command injection, credential theft

CVE-2026-35022
9.8
EPSS 0.5%
Code Execution Data Extraction Supply Chain Agent API Framework
CWE-78 8 ATLAS
CRITICAL EXPLOIT AVAIL

Budibase: Unauthenticated RCE as root via webhook

CVE-2026-35216
9.1
EPSS 0.6%
Code Execution Auth Bypass Data Extraction Framework Agent
CWE-78 8 ATLAS
CRITICAL EXPLOIT AVAIL

MLflow: auth bypass in job API enables unauthenticated RCE

CVE-2026-0545
9.1
EPSS 5.5%
Auth Bypass Code Execution DoS Framework Training Data
mlflow CWE-306 624 5 ATLAS
CRITICAL EXPLOIT AVAIL

MLflow: command injection via model_uri in mlserver mode

CVE-2026-0596
9.6
EPSS 0.2%
Code Execution Supply Chain Framework Inference
CWE-78 4 ATLAS 1 incident
CRITICAL EXPLOIT AVAIL

langflow: security flaw enables exploitation

CVE-2026-33475
9.1
EPSS 0.1%
Supply Chain Code Execution Data Extraction Framework Agent
langflow CWE-74 5 ATLAS
CRITICAL KEV

langflow: Code Injection enables RCE

CVE-2026-33017
9.8
EPSS 41.2%
Model Poisoning Code Execution Framework Agent API
langflow CWE-95 6 ATLAS
CRITICAL EXPLOIT AVAIL

onnx: Integrity Verification bypass enables tampering

CVE-2026-28500
9.1
EPSS 0.0%
Supply Chain Model Poisoning Code Execution Framework RAG API
onnx CWE-345 1.1K 10 ATLAS
CRITICAL EXPLOIT AVAIL

OpenClaw: RCE via request-side prompt injection

CVE-2026-30741
9.8
EPSS 0.4%
Prompt Injection Code Execution Agent Framework
openclaw 4 5 ATLAS 1 incident
CRITICAL EXPLOIT AVAIL

vllm: SSRF allows internal network access

CVE-2026-25960
9.8
EPSS 0.0%
Data Extraction Data Leakage Code Execution Inference RAG Agent
vllm CWE-918 126 7 ATLAS
CRITICAL EXPLOIT AVAIL

Flowise: auth bypass exposes NVIDIA NIM container endpoints

CVE-2026-30824
9.8
EPSS 9.4%
Auth Bypass Code Execution Agent Inference Framework
flowise CWE-306 5 ATLAS
CRITICAL EXPLOIT AVAIL

flowise: Arbitrary File Upload enables RCE

CVE-2026-30821
9.8
EPSS 0.2%
Code Execution Framework RAG Plugin
flowise CWE-434 8 ATLAS 2 incidents
CRITICAL EXPLOIT AVAIL

langflow: Code Injection enables RCE

CVE-2026-27966
9.8
EPSS 36.6%
Prompt Injection Code Execution Framework RAG Agent
langflow CWE-94 12 ATLAS
CRITICAL EXPLOIT AVAIL

smolagents: SSRF allows internal network access

CVE-2026-2654
9.8
EPSS 0.0%
Code Execution Data Extraction Auth Bypass Agent Framework Plugin
smolagents CWE-918 86 6 ATLAS
CRITICAL EXPLOIT AVAIL

langroid: Code Injection enables RCE

CVE-2026-25481
--
EPSS 0.0%
Code Execution Prompt Injection Auth Bypass Agent Framework Plugin
CWE-94 6 ATLAS
CRITICAL EXPLOIT AVAIL

cai-framework: Command Injection enables RCE

CVE-2026-25130
9.7
EPSS 0.0%
Prompt Injection Code Execution Agent Framework Plugin
CWE-78 9 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.