AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 512 results — has patch

Severity CVE ID Summary CVSS EPSS Package Date

MEDI E CVE-2026-40117 PraisonAI: arbitrary file read via unguarded skill tool 6.2 0.0% praisonaiagents Apr 9 CRIT E CVE-2026-40111 PraisonAI: RCE via shell injection in memory hooks executor — 0.0% praisonaiagents Apr 9 LOW GHSA-cm8v-2vh9-cxf3 openclaw: git env var injection enables host redirect — — openclaw Apr 9 MEDI GHSA-ccx3-fw7q-rr2r openclaw: base64 pre-alloc bypass causes resource exhaustion — — openclaw Apr 9 MEDI GHSA-3vvq-q2qc-7rmp openclaw: no integrity check on ClawHub plugin installs — — openclaw Apr 9 HIGH GHSA-qx8j-g322-qj6m OpenClaw: unsafe body replay on cross-origin redirect — — openclaw Apr 9 MEDI GHSA-w9j9-w4cp-6wgr openclaw: env var injection enables host exec hijacking — — openclaw Apr 9 MEDI GHSA-w8g9-x8gx-crmm OpenClaw: SSRF bypass via Playwright redirect handling — — openclaw Apr 9 LOW GHSA-4f8g-77mw-3rxc OpenClaw: gateway auth expands read to write privilege — — openclaw Apr 9 MEDI GHSA-vr5g-mmx7-h897 OpenClaw: SSRF bypass via interaction-triggered navigation — — openclaw Apr 9 MEDI GHSA-67mf-f936-ppxf OpenClaw: scope misconfiguration enables unauthorized node pairing — — openclaw Apr 9 LOW GHSA-5fc7-f62m-8983 OpenClaw: local file read bypasses workspace policy — — openclaw Apr 9 MEDI GHSA-3fv3-6p2v-gxwj openclaw: SSRF bypass in QQ Bot media fetch paths — — openclaw Apr 9 MEDI GHSA-5h3f-885m-v22w openclaw: WS sessions persist after gateway token rotation — — openclaw Apr 9 LOW GHSA-25wv-8phj-8p7r OpenClaw: auth rate-limit bypass via async race condition — — openclaw Apr 9 HIGH GHSA-5wj5-87vq-39xm openclaw: auth bypass enables exec escalation on reconnect — — openclaw Apr 9 MEDI GHSA-vc32-h5mq-453v OpenClaw: cross-channel allowlist write bypass — — openclaw Apr 9 MEDI GHSA-68x5-xx89-w9mm OpenClaw: stale auth closure bypasses gateway access control — — openclaw Apr 9 MEDI GHSA-cmfr-9m2r-xwhq OpenClaw: auth bypass enables persistent browser profile mutation — — openclaw Apr 9 MEDI GHSA-whf9-3hcx-gq54 OpenClaw: token rotation bypasses role approval — — openclaw Apr 9

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial