AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 684 results
mistune: ReDoS exposes Jupyter/AI services to DoS (CVE-2026-33079, High severity)
JupyterLab: Extension allow-list bypass enables privesc (CVE-2026-42266)
PPTAgent: eval injection enables RCE via LLM prompt injection (CVE-2026-42079)
openclaw: Model bypasses authz to persist unsafe config (GHSA-cwj3-vqpp-pmxr)
OpenClaw: RCE via malicious repo setup-api.js (GHSA-r39h-4c2p-3jxp)
Jupyter Server: CORS bypass via regex anchor omission (CVE-2026-40110)
Jupyter Server: path traversal leaks sibling directories (CVE-2026-35397)
openclaw: TOCTOU sandbox escape via symlink swap (GHSA-wppj-c6mr-83jj)
openclaw: MCP owner-context spoofing, privilege escalation (GHSA-r6xh-pqhr-v4xh)
Langflow: RCE exposes API keys and DB credentials (CVE-2026-6543)
Langflow Desktop: IDOR leaks user images unauthenticated (CVE-2026-4503)
n8n-mcp: SSRF bypass via IPv6 leaks API keys (CVE-2026-42449)
Jupyter Notebook: stored XSS enables full account takeover (CVE-2026-40171)
marked: infinite recursion DoS crashes Node.js via OOM (CVE-2026-41680)
litellm: RCE via MCP test endpoints privilege bypass (GHSA-v4p8-mg3p-g94g)
Claude Code: git worktree trust bypass executes hooks (CVE-2026-40068)
Ray: Parquet RCE via Arrow extension deserialization (CVE-2026-41486)
LiteLLM: RCE via unsandboxed prompt template rendering (GHSA-xqmj-j6mv-4862)
Flowise: unauth API key abuse via TTS endpoint IDOR (CVE-2026-41279)
Flowise: credential exposure in public chatflow API (CVE-2026-41278)