AI Security Threat Feed
Latest CVEs and GitHub Security Advisories (GHSA) affecting AI/ML systems, updated continuously. Sourced from NVD, the GitHub Advisory Database, and the CISA Known Exploited Vulnerabilities (KEV) catalog.
AI/ML CVEs tracked: 1,604
Critical: 225
New this week: 76
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 684 results (filter: High severity). A dash means no CVSS score, EPSS score or package was listed for that entry; "E" reproduces a flag shown on the original rows.

| Severity | Advisory ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2026-33079 | mistune: ReDoS exposes Jupyter/AI services to DoS | — | 0.0% | mistune | May 6 |
| HIGH | CVE-2026-42266 | JupyterLab: extension allow-list bypass enables privilege escalation | 8.8 | — | jupyterlab | May 5 |
| HIGH | CVE-2026-42079 | PPTAgent: eval injection enables RCE via LLM prompt injection | 8.6 | 0.0% | — | May 5 |
| HIGH | GHSA-cwj3-vqpp-pmxr | openclaw: model bypasses authz to persist unsafe config | 8.8 | — | openclaw | May 5 |
| HIGH | GHSA-r39h-4c2p-3jxp | OpenClaw: RCE via malicious repo setup-api.js | 7.8 | — | openclaw | May 5 |
| HIGH | CVE-2026-40110 | Jupyter Server: CORS bypass via regex anchor omission | — | 0.0% | jupyter-server | May 5 |
| HIGH | CVE-2026-35397 | Jupyter Server: path traversal leaks sibling directories | 7.1 | 0.0% | jupyter-server | May 5 |
| HIGH | GHSA-wppj-c6mr-83jj | openclaw: TOCTOU sandbox escape via symlink swap | — | — | openclaw | May 4 |
| HIGH | GHSA-r6xh-pqhr-v4xh | openclaw: MCP owner-context spoofing, privilege escalation | — | — | openclaw | May 4 |
| HIGH | CVE-2026-6543 | Langflow: RCE exposes API keys and DB credentials | 8.8 | 0.0% | langflow | Apr 30 |
| HIGH | CVE-2026-4503 | Langflow Desktop: IDOR leaks user images unauthenticated | 7.5 | 0.1% | langflow | Apr 30 |
| HIGH | CVE-2026-42449 | n8n-mcp: SSRF bypass via IPv6 leaks API keys | 8.5 | 0.0% | n8n-mcp | Apr 30 |
| HIGH | CVE-2026-40171 | Jupyter Notebook: stored XSS enables full account takeover | — | 0.1% | @jupyterlab/help-extension | Apr 30 |
| HIGH E | CVE-2026-41680 | marked: infinite recursion DoS crashes Node.js via OOM | 7.5 | 0.1% | marked | Apr 29 |
| HIGH | GHSA-v4p8-mg3p-g94g | litellm: RCE via MCP test endpoints privilege bypass | — | — | litellm | Apr 25 |
| HIGH | CVE-2026-40068 | Claude Code: git worktree trust bypass executes hooks | — | 0.1% | @anthropic-ai/claude-code | Apr 24 |
| HIGH | CVE-2026-41486 | Ray: Parquet RCE via Arrow extension deserialization | — | 0.1% | ray | Apr 24 |
| HIGH | GHSA-xqmj-j6mv-4862 | LiteLLM: RCE via unsandboxed prompt template rendering | — | — | litellm | Apr 24 |
| HIGH E | CVE-2026-41279 | Flowise: unauthenticated API key abuse via TTS endpoint IDOR | 7.5 | 0.1% | flowise | Apr 23 |
| HIGH E | CVE-2026-41278 | Flowise: credential exposure in public chatflow API | 7.5 | 0.0% | flowise | Apr 23 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
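The "CORS bypass via regex anchor omission" entry in the feed names a bug class that is easy to see in a few lines. What follows is a generic illustration added to this page; it is not code from jupyter-server, nor from the CVE-2026-40110 advisory, whose actual code and details are not shown here. An origin allow-list regex evaluated with `re.search` has no implicit anchors, so any origin that merely contains the trusted host string is accepted; `re.match` anchors only the start, which still admits suffix-style hostnames; `re.fullmatch` requires the entire origin to match. The hostnames, the `ALLOW_ORIGIN_PAT` pattern and the function names are constructed assumptions for the demonstration.

```python
import re

# Constructed sample origins (not taken from any advisory): the trusted host,
# two attacker-controlled origins that embed the trusted name, and the trusted
# host on a non-default port.
SAMPLE_ORIGINS = [
    "https://notebook.example.com",
    "https://notebook.example.com.attacker.tld",
    "https://evil.tld/?x=https://notebook.example.com",
    "https://notebook.example.com:8888",
]

# Hypothetical allow-list pattern as an operator might write it for an
# "allowed origin regex" setting, intending to match exactly one host.
ALLOW_ORIGIN_PAT = r"https://notebook\.example\.com"


def origin_allowed_search(origin: str) -> bool:
    """Vulnerable: re.search matches anywhere in the string, so any origin
    that *contains* the trusted host is accepted."""
    return re.search(ALLOW_ORIGIN_PAT, origin) is not None


def origin_allowed_match(origin: str) -> bool:
    """Still vulnerable: re.match anchors only at the start, so a hostname
    that begins with the trusted name (a suffix trick) is accepted."""
    return re.match(ALLOW_ORIGIN_PAT, origin) is not None


def origin_allowed_fullmatch(origin: str) -> bool:
    """Hardened: re.fullmatch requires the whole origin to match the pattern.
    Caveat: this also rejects the trusted host on a non-default port; if that
    is wanted, the port must be part of the pattern explicitly."""
    return re.fullmatch(ALLOW_ORIGIN_PAT, origin) is not None


def evaluate(origins=SAMPLE_ORIGINS) -> dict:
    """Map each origin to (search, match, fullmatch) verdicts so the three
    behaviours can be compared side by side."""
    return {
        o: (origin_allowed_search(o), origin_allowed_match(o), origin_allowed_fullmatch(o))
        for o in origins
    }


if __name__ == "__main__":
    for origin, verdicts in evaluate().items():
        print(f"{origin:55s} search={verdicts[0]!s:5s} match={verdicts[1]!s:5s} fullmatch={verdicts[2]}")
```

When auditing an origin check, look for `re.search` or `re.match` on an operator-supplied pattern and confirm that either the call is `fullmatch` or the pattern itself carries `^` and `$`; a suffix-style hostname such as the second sample origin is the quickest probe.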