AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 267 results — Medium severity, Active exploitation
Severity CVE ID Summary CVSS EPSS Package Date
MEDI E CVE-2026-7141 A vulnerability was found in vllm up to 0.19.0.... 5.6 0.1% vllm Apr 27 MEDI E CVE-2026-7020 A security flaw has been discovered in Ollama up... 5.6 0.1% Apr 26 MEDI E CVE-2026-6608 A vulnerability was detected in lm-sys fastchat... 5.3 0.0% fschat Apr 20 MEDI E CVE-2026-6599 A vulnerability was detected in langflow-ai... 6.3 0.0% langflow Apr 20 MEDI E CVE-2026-6598 A security vulnerability has been detected in... 4.3 0.0% langflow Apr 20 MEDI E CVE-2026-40190 langsmith: prototype pollution enables auth bypass, RCE 5.6 0.1% langsmith Apr 10 MEDI E CVE-2026-40086 rembg: path traversal exposes arbitrary files via HTTP API 5.3 0.1% rembg Apr 10 MEDI E CVE-2026-40159 PraisonAI: MCP env inheritance exposes API keys 5.5 0.0% PraisonAI Apr 10 MEDI E CVE-2026-40148 PraisonAI: decompression bomb causes disk exhaustion 6.5 0.0% PraisonAI Apr 10 MEDI E CVE-2026-40152 praisonaiagents: glob traversal leaks filesystem metadata 5.3 0.0% praisonaiagents Apr 10 MEDI E CVE-2026-40151 PraisonAI: unauthenticated agent config and system prompt disclosure 5.3 0.0% PraisonAI Apr 10 MEDI E CVE-2026-40115 PraisonAI: unbounded body read enables local DoS 6.2 0.1% PraisonAI Apr 10 MEDI E CVE-2026-6011 OpenClaw: SSRF via web-fetch enables internal network pivot 5.6 0.1% openclaw Apr 10 MEDI E CVE-2026-40117 PraisonAI: arbitrary file read via unguarded skill tool 6.2 0.0% praisonaiagents Apr 9 MEDI E CVE-2026-40112 PraisonAI: XSS via no-op HTML sanitizer in agent output 5.4 0.0% praisonai Apr 9 MEDI E CVE-2026-5803 openai-realtime-ui: SSRF in API proxy endpoint 6.3 0.0% Apr 8 MEDI E CVE-2026-39411 LobeChat: auth bypass via forged XOR obfuscated header 5.0 0.0% @lobehub/lobehub Apr 8 MEDI E CVE-2026-1163 lollms: sessions persist after password reset 4.1 0.0% lollms Apr 8 MEDI E CVE-2026-33866 MLflow: auth bypass exposes model artifacts across experiments 0.0% mlflow Apr 7 MEDI E CVE-2026-33865 MLflow: stored XSS via MLmodel YAML artifact upload 0.0% mlflow Apr 7

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial