AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,625 AI/ML CVEs Tracked
226 Critical
87 New This Week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 573 results — Medium severity
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Medium | CVE-2026-44222 | vLLM: token injection DoS via multimodal placeholders | 6.5 | | vllm | May 5 |
| Medium | CVE-2026-43901 | wireshark-mcp: path traversal enables arbitrary file write via MCP | 6.8 | | | May 5 |
| Medium | GHSA-q8ff-7ffm-m3r9 | openclaw: stale webhook secret survives credential rotation | 6.0 | | openclaw | May 5 |
| Medium | CVE-2026-40864 | JupyterHub: CSRF bypass on spawn and share endpoints | 5.4 | | jupyterhub | May 5 |
| Medium | CVE-2026-42045 | LobeChat: XSS-to-RCE via exposed Electron IPC | 6.2 | | @lobehub/lobehub | May 5 |
| Medium | CVE-2026-40934 | jupyter-server: auth cookie survives password reset | 6.8 | 0.1% | jupyter-server | May 5 |
| Medium (E) | CVE-2025-61669 | jupyter-server: Open redirect enables credential phishing | | 0.0% | jupyter-server | May 5 |
| Medium (E) | CVE-2026-7844 | Langchain-Chatchat: auth bypass on file service endpoints | 6.3 | 0.0% | | May 5 |
| Medium | CVE-2026-43570 | OpenClaw: symlink traversal exposes host filesystem | 6.5 | 0.1% | openclaw | May 5 |
| Medium | GHSA-93rg-2xm5-2p9v | openclaw: auth bypass exposes Gateway bootstrap config | | | openclaw | May 4 |
| Medium | GHSA-5h3g-6xhh-rg6p | openclaw: TOCTOU race allows out-of-sandbox file read | | | openclaw | May 4 |
| Medium | GHSA-x3h8-jrgh-p8jx | OpenClaw: exec allowlist bypass allows hidden shell code | | | openclaw | May 4 |
| Medium | GHSA-55cf-xx38-4p9p | OpenClaw: .env injection redirects connector endpoints | | | openclaw | May 4 |
| Medium | GHSA-q3jj-46pq-826r | openclaw: ACP child session security envelope bypass | | | openclaw | May 4 |
| Medium | GHSA-2hh7-c75g-qj2r | openclaw: SSRF bypass via Zalo plugin photo URLs | | | openclaw | May 4 |
| Medium | CVE-2026-41358 | OpenClaw: sender allowlist bypass via Slack thread context | 5.4 | 0.0% | openclaw | May 4 |
| Medium | CVE-2026-7700 | Langflow: eval() code injection → remote code execution | 6.3 | 0.0% | langflow | May 3 |
| Medium | CVE-2026-7687 | Langflow: command injection in code parser enables RCE | 6.3 | 1.4% | langflow | May 3 |
| Medium (E) | CVE-2026-7669 | SGLang: deserialization in tokenizer loader enables RCE | 5.6 | 0.1% | sglang | May 2 |
| Medium | CVE-2026-6542 | Langflow: IDOR exposes cross-tenant flow data and deletion | 6.5 | 0.0% | langflow | Apr 30 |

Empty CVSS, EPSS or Package cells are entries for which the feed shows no value. The "(E)" marker reproduces an unexplained badge shown beside the severity on the original page.

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
