AI Security Threat Feed

open-webui: mass assignment enables cross-user folder injection

CVE-2026-44550

5.0

Auth Bypass Social Engineering Privacy Violation Framework API

open-webui Patch: 0.9.0 CWE-862 4 ATLAS

CRITICAL

open-webui: LDAP auth bypass — full account takeover

CVE-2026-44551

9.1

Auth Bypass Data Extraction Framework API

open-webui Patch: 0.9.0 CWE-287 4 ATLAS

open-webui: XSS in model descriptions steals session tokens

CVE-2026-44721

7.3

Auth Bypass Code Execution Data Extraction API Framework

open-webui Patch: 0.9.0 CWE-79 5 ATLAS

n8n-mcp: path traversal + SSRF exposes n8n API keys

GHSA-8g7g-hmwm-6rv2

8.3

Auth Bypass Data Extraction Data Leakage Agent Plugin

n8n-mcp Patch: 2.50.1 CWE-22 16 6 ATLAS

UNKNOWN

n8n-MCP: SSRF allows internal network access via webhook tools

CVE-2026-44694

EPSS 0.0%

Data Extraction Prompt Injection Auth Bypass Agent Plugin

n8n-mcp Patch: 2.50.2 CWE-367 16 5 ATLAS

Data Extraction Supply Chain Framework

BentoML: symlink traversal exfiltrates host secrets at build

CVE-2026-40610

5.5

2d ago

bentoml Patch: 1.4.39 CWE-59 23 4 ATLAS

diffusers: trust_remote_code bypass enables silent RCE

CVE-2026-44513

Supply Chain Code Execution Framework Model

diffusers Patch: 0.38.0 CWE-94 392 4 ATLAS

CRITICAL

vm2: sandbox escape via nesting:true enables RCE

CVE-2026-44007

9.1

Code Execution Auth Bypass Agent Framework

vm2 Patch: 3.11.1 CWE-284 1.5K 5 ATLAS

diffusers: silent RCE via None.py trust_remote_code bypass

GHSA-j7w6-vpvq-j3gm

Code Execution Supply Chain Framework Model

diffusers Patch: 0.38.0 CWE-94 392 6 ATLAS

Aegra: cross-tenant IDOR hijacks user thread data

CVE-2026-44504

Auth Bypass Data Extraction Data Leakage Framework Agent

aegra-api Patch: 0.9.7 CWE-285 3.1K 5 ATLAS

@axonflow/openclaw: credential exposure via insecure file permissions

GHSA-cqmh-pcgr-q42f

5.5

Data Leakage Auth Bypass Privacy Violation Plugin Agent

@axonflow/openclaw Patch: 2.0.0 CWE-552 4 5 ATLAS

Code Execution Auth Bypass Supply Chain Agent Framework Plugin

praisonai: RCE via unpatched tool_override exec_module

praisonai Patch: 4.6.32 CWE-94 1 5 ATLAS

praisonaiagents: SSRF via URL parser confusion bypass

CVE-2026-44335

EPSS 0.0%

Auth Bypass Data Extraction Agent Plugin

praisonaiagents Patch: 1.6.32 CWE-918 11 4 ATLAS

Supply Chain Code Execution Framework

GitPython: git config injection enables hook RCE

GitPython Patch: 3.1.49 CWE-94 81 3 ATLAS

vllm Patch: 0.20.0 CWE-131 127 2 ATLAS

vLLM: speculative decoding DoS via penalty params

JupyterLab: one-click RCE via notebook HTML cell output

CVE-2026-42557

Code Execution Social Engineering Supply Chain Framework Plugin

notebook Patch: 7.5.6 CWE-79 2.9K 8 ATLAS

mistune: ReDoS exposes Jupyter/AI services to DoS

CVE-2026-33079

EPSS 0.0%

DoS Supply Chain Framework API

mistune Patch: 3.2.1 CWE-1333 1.9K 4 ATLAS

DoS Prompt Injection Inference Model Framework

vLLM: token injection DoS via multimodal placeholders

CVE-2026-44222

6.5

4d ago

vllm Patch: 0.20.0 CWE-129 127 5 ATLAS

JupyterLab: Extension allow-list bypass enables privesc

CVE-2026-42266

Supply Chain Auth Bypass Code Execution Framework Plugin

4d ago

jupyterlab Patch: 4.5.7 CWE-20 1.9K 4 ATLAS

openclaw: Model bypasses authz to persist unsafe config

GHSA-cwj3-vqpp-pmxr