AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 220 results — Medium severity, has patchopenclaw: auth bypass exposes Gateway bootstrap config
GHSA-93rg-2xm5-2p9v openclaw: TOCTOU race allows out-of-sandbox file read
GHSA-5h3g-6xhh-rg6p OpenClaw: exec allowlist bypass allows hidden shell code
GHSA-x3h8-jrgh-p8jx OpenClaw: .env injection redirects connector endpoints
GHSA-55cf-xx38-4p9p openclaw: ACP child session security envelope bypass
GHSA-q3jj-46pq-826r openclaw: SSRF bypass via Zalo plugin photo URLs
GHSA-2hh7-c75g-qj2r OpenClaw: sender allowlist bypass via Slack thread context
CVE-2026-41358 openclaw: path traversal exposes host files via audio embed
GHSA-gfg9-5357-hv4c openclaw: auth bypass in owner command enforcement
GHSA-c28g-vh7m-fm7v vllm: uninitialized KV cache memory leaks inference data
CVE-2026-7141 openclaw: config guard bypass, persistent settings mutation
GHSA-7jm2-g593-4qrc openclaw: tool policy bypass via bundled MCP/LSP tools
GHSA-qrp5-gfw2-gxv4 OpenClaw: env injection exposes MiniMax API key
GHSA-h2vw-ph2c-jvwf openclaw: env var injection via MCP stdio config
GHSA-mj59-h3q9-ghfh openclaw: env namespace injection steers agent runtime
GHSA-hxvm-xjvf-93f3 openclaw: DM policy bypass via Feishu card-action callbacks
GHSA-72q8-jcmc-97wx openclaw: session key auth bypass in webhook routing
GHSA-2xcp-x87w-q377 n8n-mcp: credential exposure via HTTP transport logging
GHSA-wg4g-395p-mqv3 n8n-mcp: bearer tokens exposed in HTTP transport logs
CVE-2026-41495 nbconvert: path traversal exfiltrates files via HTML export
CVE-2026-39378 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial