AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

78

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 512 results — has patch
MEDIUM

n8n: OAuth state forgery hijacks user credentials

CVE-2026-33720
4.2
EPSS 0.0%
Auth Bypass Social Engineering Data Extraction Agent Framework API
n8n Patch: 2.8.0 CWE-863 16 6 ATLAS
HIGH

n8n: SQLi in Data Table node, full DB compromise

CVE-2026-33713
8.8
EPSS 0.0%
Code Execution Data Extraction Data Leakage Agent Framework Plugin
n8n Patch: 1.123.26 CWE-89 16 6 ATLAS
HIGH

n8n: Prototype pollution enables RCE via workflow nodes

CVE-2026-33696
8.8
EPSS 0.2%
Code Execution Supply Chain Agent Framework Plugin
n8n Patch: 2.14.1 CWE-1321 16 7 ATLAS
HIGH

n8n: LDAP email match enables permanent account takeover

CVE-2026-33665
8.2
EPSS 0.0%
Auth Bypass Code Execution Data Extraction Agent Framework
n8n Patch: 2.4.0 CWE-287 16 5 ATLAS
CRITICAL

n8n: member role steals plaintext HTTP credentials

CVE-2026-33663
10.0
EPSS 0.0%
Auth Bypass Data Extraction Data Leakage Agent Framework API
n8n Patch: 1.123.27 CWE-639 16 6 ATLAS
CRITICAL

TensorFlow: type confusion NPD in tensor conversion

CVE-2026-33660
10.0
EPSS 0.1%
Code Execution DoS Framework Inference
n8n Patch: 2.14.1 CWE-94 16 3 ATLAS
MEDIUM

n8n: uninitialized buffer leaks secrets via Task Runner

CVE-2026-27496
6.5
EPSS 0.0%
Data Leakage Data Extraction Agent Framework
n8n Patch: 1.123.22 CWE-908 16 4 ATLAS
HIGH EXPLOIT AVAIL

langflow: Path Traversal enables file access

CVE-2026-33497
7.5
EPSS 0.0%
Data Extraction Auth Bypass Framework Agent
langflow Patch: 1.7.1 CWE-22 5 ATLAS
CRITICAL EXPLOIT AVAIL

langflow: Path Traversal enables file access

CVE-2026-33309
9.9
EPSS 0.0%
Code Execution Auth Bypass Supply Chain Framework Agent Plugin
langflow Patch: 1.9.0 CWE-22 8 ATLAS
CRITICAL EXPLOIT AVAIL

mlflow: Path Traversal enables file access

CVE-2025-15031
9.1
EPSS 0.4%
Supply Chain Model Poisoning Code Execution Framework Model Training Data
mlflow Patch: 3.9.0rc0 CWE-22 624 6 ATLAS
HIGH EXPLOIT AVAIL

mlflow: Code Injection enables RCE

CVE-2025-14287
7.5
EPSS 0.3%
Supply Chain Model Poisoning Code Execution Framework Model
mlflow Patch: 3.8.0rc0 CWE-94 624 7 ATLAS
MEDIUM

fickling: Allowlist Bypass evades input filtering

GHSA-5cxw-w2xg-2m8h
--
Supply Chain Data Extraction Code Execution Framework Model Training Data
fickling Patch: 0.1.10 CWE-184 57 5 ATLAS
MEDIUM

fickling: Allowlist Bypass evades input filtering

GHSA-r48f-3986-4f9c
--
Data Extraction Code Execution Auth Bypass Framework
fickling Patch: 0.1.10 CWE-184 57 5 ATLAS
HIGH EXPLOIT AVAIL

Flowise: SSRF via HTTP Node exposes internal network

CVE-2026-31829
8.8
EPSS 0.1%
Data Extraction Auth Bypass Agent Framework
flowise-components Patch: 3.0.13 CWE-918 4 ATLAS
CRITICAL EXPLOIT AVAIL

mcp-atlassian: Path Traversal enables file access

CVE-2026-27825
9.1
EPSS 0.0%
Code Execution Prompt Injection Supply Chain Agent Plugin Framework
mcp-atlassian Patch: 0.17.0 CWE-22 6 ATLAS
HIGH EXPLOIT AVAIL

mcp-atlassian: SSRF allows internal network access

CVE-2026-27826
8.2
EPSS 0.1%
Auth Bypass Prompt Injection Data Extraction Agent Plugin API
mcp-atlassian Patch: 0.17.0 CWE-918 7 ATLAS
HIGH

sagemaker: Allowlist Bypass evades input filtering

GHSA-5r2p-pjr8-7fh7
--
Code Execution Supply Chain Data Extraction Framework API
sagemaker Patch: 3.4.0 CWE-184 51 3 ATLAS
MEDIUM

langgraph: Deserialization enables RCE

CVE-2026-28277
6.8
EPSS 0.3%
Code Execution Data Leakage Supply Chain Framework Agent
langgraph Patch: 1.0.10 CWE-502 3.1K 5 ATLAS
HIGH

xgrammar: security flaw enables exploitation

CVE-2026-25048
--
EPSS 0.1%
DoS Inference Framework
xgrammar Patch: 0.1.32 CWE-674 152 4 ATLAS
HIGH

fickling: Allowlist Bypass evades input filtering

GHSA-5hwf-rc88-82xm
--
Supply Chain Code Execution Framework Model
fickling Patch: 0.1.9 CWE-184 57 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial