AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,625

AI/ML CVEs Tracked

226

Critical

87

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1625 results
Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2026-39891 praisonai: SSTI enables RCE via agent instructions 8.8 0.0% praisonai Apr 8 HIGH CVE-2026-39889 PraisonAI: unauth A2U stream leaks all agent activity 7.5 0.0% praisonai Apr 8 CRIT CVE-2026-39888 praisonaiagents: sandbox escape enables host RCE 10.0 0.1% praisonaiagents Apr 8 CRIT E CVE-2026-39890 PraisonAI: YAML deserialization enables unauthenticated RCE 9.8 0.6% praisonai Apr 8 MEDI E CVE-2026-39411 LobeChat: auth bypass via forged XOR obfuscated header 5.0 0.0% @lobehub/lobehub Apr 8 MEDI E CVE-2026-1163 lollms: sessions persist after password reset 4.1 0.0% lollms Apr 8 HIGH CVE-2026-3357 Langflow: deserialization RCE via FAISS component default 8.8 0.4% langflow Apr 8 MEDI CVE-2026-39398 openclaw-claude-bridge: sandbox bypass exposes CLI tools claude-code Apr 8 HIGH GHSA-69x8-hrgq-fjj8 LiteLLM: auth bypass chain enables full privilege escalation litellm Apr 8 HIGH GHSA-89gg-p5r5-q6r4 MONAI: pickle deserialization RCE in Auto3DSeg 7.7 monai Apr 7 MEDI GHSA-83f3-hh45-vfw9 OpenClaw: cleartext WebSocket exposes gateway credentials openclaw Apr 7 MEDI GHSA-jj6q-rrrf-h66h openclaw: timing side-channel leaks shared-secret length openclaw Apr 7 MEDI GHSA-rxmx-g7hr-8mx4 OpenClaw: Zalo webhook dedup collision silently drops events openclaw Apr 7 MEDI GHSA-fh32-73r9-rgh5 OpenClaw: CDP host bypass exposes localhost browser state openclaw Apr 7 MEDI GHSA-w6wx-jq6j-6mcj openclaw: script swap bypasses pnpm dlx approval openclaw Apr 7 MEDI GHSA-98ch-45wp-ch47 OpenClaw: approval bypass via env key normalization gap openclaw Apr 7 MEDI GHSA-2f7j-rp58-mr42 OpenClaw: info disclosure exposes host filesystem paths openclaw Apr 7 MEDI GHSA-2qrv-rc5x-2g2h OpenClaw: untrusted plugin RCE via workspace channel setup openclaw Apr 7 MEDI GHSA-5hff-46vh-rxmw OpenClaw: read-only scope bypass kills agent sessions openclaw Apr 7 MEDI GHSA-4p4f-fc8q-84m3 openclaw: iOS bridge bypass enables unauthorized agent runs openclaw Apr 7

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial