AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 512 results — has patch
Severity CVE ID Summary CVSS EPSS Package Date
MEDI GHSA-x783-xp3g-mqhp PraisonAI: SQL injection via table_prefix exposes DB PraisonAI Apr 10 HIGH E CVE-2026-40114 PraisonAI: unauthenticated SSRF via unvalidated webhook_url 7.2 0.0% PraisonAI Apr 10 MEDI GHSA-ffp3-3562-8cv3 PraisonAI: tool approval bypass leaks env credentials 5.5 praisonaiagents Apr 10 HIGH E CVE-2026-40160 praisonaiagents: SSRF in web_crawl exposes cloud metadata 0.0% praisonaiagents Apr 10 HIGH GHSA-x462-jjpc-q4q4 praisonaiagents: CORS bypass enables silent agent RCE 8.1 praisonaiagents Apr 10 MEDI E CVE-2026-40159 PraisonAI: MCP env inheritance exposes API keys 5.5 0.0% PraisonAI Apr 10 CRIT E CVE-2026-40157 PraisonAI: path traversal allows arbitrary file write via recipe unpack 0.1% PraisonAI Apr 10 HIGH E CVE-2026-40156 PraisonAI: auto tools.py load enables local RCE 7.8 0.0% praisonai Apr 10 MEDI E CVE-2026-40148 PraisonAI: decompression bomb causes disk exhaustion 6.5 0.0% PraisonAI Apr 10 CRIT E CVE-2026-40154 PraisonAI: supply chain RCE via unverified template exec 9.3 0.0% PraisonAI Apr 10 HIGH GHSA-qwgj-rrpj-75xm PraisonAI: hardcoded approval bypass enables RCE 8.8 PraisonAI Apr 10 HIGH E CVE-2026-40158 PraisonAI: AST sandbox bypass enables host RCE 8.6 0.0% PraisonAI Apr 10 MEDI E CVE-2026-40152 praisonaiagents: glob traversal leaks filesystem metadata 5.3 0.0% praisonaiagents Apr 10 HIGH E CVE-2026-40153 praisonaiagents: env var expansion exposes production secrets 7.4 0.0% praisonaiagents Apr 10 MEDI E CVE-2026-40151 PraisonAI: unauthenticated agent config and system prompt disclosure 5.3 0.0% PraisonAI Apr 10 HIGH E CVE-2026-40149 PraisonAI: auth bypass disables agent safety controls 7.9 0.0% PraisonAI Apr 10 MEDI E CVE-2026-40115 PraisonAI: unbounded body read enables local DoS 6.2 0.1% PraisonAI Apr 10 CRIT E CVE-2026-1115 lollms: Stored XSS enables wormable account takeover 9.6 0.0% lollms Apr 10 MEDI E CVE-2026-6011 OpenClaw: SSRF via web-fetch enables internal network pivot 5.6 0.1% openclaw Apr 10 HIGH E CVE-2026-40150 PraisonAIAgents: SSRF exposes cloud metadata via web_crawl 7.7 0.0% praisonaiagents Apr 9

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial