AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs tracked: 1,604
Critical: 225
New this week: 79
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1604 results. Each entry lists the advisory ID, severity, score (-- where none is assigned), EPSS where given, affected package, patched version, CWE, and any trailing figure exactly as the feed shows it.

CVE-2026-44555 | HIGH | Score 7.6 | open-webui | Patch: 0.9.0 | CWE-862
  Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining

CVE-2026-44552 | HIGH | Score 8.7 | open-webui | Patch: 0.9.0 | CWE-668
  Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

CVE-2026-44553 | HIGH | Score 8.1 | open-webui | Patch: 0.9.0 | CWE-384
  Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

CVE-2026-44550 | MEDIUM | Score 5.0 | open-webui | Patch: 0.9.0 | CWE-862
  Open WebUI's Mass Assignment via Pydantic extra='allow' Allows Creating Folders in Other Users' Accounts

CVE-2026-44551 | CRITICAL | Score 9.1 | open-webui | Patch: 0.9.0 | CWE-287
  Open WebUI has an LDAP Empty Password Authentication Bypass

CVE-2026-44721 | HIGH | Score 7.3 | open-webui | Patch: 0.9.0 | CWE-79
  open-webui Vulnerable to Stored XSS via Model Description

GHSA-8g7g-hmwm-6rv2 | HIGH | Score 8.3 | n8n-mcp | Patch: 2.50.1 | CWE-22 | 16
  n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure

CVE-2026-44694 | UNKNOWN | Score -- | n8n-mcp | Patch: 2.50.2 | CWE-367 | 16
  n8n-mcp webhook and API client paths have an authenticated SSRF

CVE-2026-42271 | HIGH | Score 8.8 | EPSS 0.0% | litellm | CWE-77 | 4
  LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to...

CVE-2026-42208 | CRITICAL | Score 9.8 | EPSS 0.1% | litellm | CWE-89 | 4
  LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used...

CVE-2026-42203 | UNKNOWN | Score -- | EPSS 0.0% | CWE-1336
  LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.80.5 to before version 1.83.7, the POST /prompts/test...

CVE-2026-40610 | MEDIUM | Score 5.5 | bentoml | Patch: 1.4.39 | CWE-59 | 22
  BentoML has Information Disclosure in `bentoml build` via symlink traversal in the build context

CVE-2026-44513 | HIGH | Score 8.8 | diffusers | Patch: 0.38.0 | CWE-94 | 385
  Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components

CVE-2026-44007 | CRITICAL | Score 9.1 | vm2 | Patch: 3.11.1 | CWE-284 | 1.4K
  vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

GHSA-j7w6-vpvq-j3gm | HIGH | Score 8.8 | diffusers | Patch: 0.38.0 | CWE-94 | 385
  Diffusers: None.py has Trust Remote Code Bypass

CVE-2026-44504 | HIGH | Score -- | aegra-api | Patch: 0.9.7 | CWE-285 | 3.1K
  Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)

CVE-2026-44484 | CRITICAL | Score -- | pytorch-lightning | CWE-506 | 1.6K
  Compromise of PyTorch Lightning PyPi Package Versions

CVE-2026-44479 | MEDIUM | Score 5.5 | CWE-200
  Vercel: Non-interactive mode includes CLI arguments in suggested command output

GHSA-cqmh-pcgr-q42f | MEDIUM | Score 5.5 | @axonflow/openclaw | Patch: 2.0.0 | CWE-552 | 4
  @axonflow/openclaw fix introduces plugin cache and credential-file permission hardening

CVE-2026-44334 | HIGH | Score 8.4 | praisonai | Patch: 4.6.32 | CWE-94 | 1
  PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)
