AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 1625 results

CVE-2026-34451       anthropic-ai/sdk: memory tool path traversal escape
CVE-2026-34450       anthropic-sdk: insecure file perms expose agent memory
CVE-2026-22561       Claude Setup: DLL search-order hijacking LPE
CVE-2026-0596        MLflow: command injection via model_uri in mlserver mode
CVE-2026-4399        1millionbot Millie: Boolean prompt injection bypasses restrictions
GHSA-955r-262c-33jc  telnyx: PyPI supply chain attack steals cloud creds
GHSA-m3mh-3mpg-37hw  OpenClaw: .npmrc hijack enables RCE on plugin install
GHSA-68f8-9mhj-h2mp  OpenClaw: HTTP scope bypass enables model enumeration
GHSA-hr5v-j9h9-xjhg  OpenClaw: sandbox escape via mediaUrl path traversal
CVE-2026-29872       awesome-llm-apps MCP Agent: cross-session credential theft
CVE-2026-2287        CrewAI: Docker sandbox fallback enables RCE
CVE-2026-2286        CrewAI: SSRF via unvalidated RAG tool URLs exposes internal services
CVE-2026-2285        CrewAI: arbitrary file read via JSON loader tool
CVE-2026-2275        CrewAI: RCE via Docker fallback in CodeInterpreter
CVE-2025-15379       MLflow: RCE via unsanitized model dependency specs
CVE-2025-15036       MLflow: path traversal enables sandbox escape, file overwrite
CVE-2026-35646       openclaw: webhook rate-limit bypass enables token brute-force
CVE-2026-35640       openclaw: unauthenticated webhook parsing enables DoS
CVE-2026-35629       openclaw: SSRF in channel extensions hits internal network
CVE-2026-35657       openclaw: auth bypass exposes agent session history via HTTP
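Three of the entries above (the anthropic-ai/sdk memory tool, the OpenClaw mediaUrl handler and MLflow) are path-traversal escapes from a tool's storage directory, the most common bug class in this feed. The following is an added illustration from the editor, not code from any of those projects and not a description of how those specific CVEs work: a hypothetical agent "memory tool" path resolver with the usual string-prefix mistake beside a hardened version, run over constructed inputs (a ".." segment, a symlink planted inside the storage root, an absolute path) so the difference is visible in what each resolver lets the agent read. All names and file contents are assumptions made for the example.

```python
"""Agent "memory tool" path confinement: a naive resolver beside a hardened one.

Illustrative code added by the editor. It is NOT the anthropic-ai/sdk, OpenClaw
or MLflow implementation and says nothing about how those specific CVEs work;
it only shows the bug class their titles name (path traversal out of a tool's
storage directory) and the check that closes it.
"""
import os
import shutil
import tempfile
from pathlib import Path


class PathEscape(ValueError):
    """Requested path would leave the memory root."""


def naive_resolve(root: Path, requested: str) -> Path:
    """Vulnerable pattern: join, then a string-prefix check on the UNRESOLVED path.

    ".." segments survive the check ("/root/../x" still starts with "/root"),
    a symlink planted inside the root is followed wherever it points, and a
    sibling directory such as "/root-other" shares the prefix as well.
    """
    candidate = os.path.join(root, requested)
    if not candidate.startswith(str(root)):
        raise PathEscape(requested)
    return Path(candidate)


def safe_resolve(root: Path, requested: str) -> Path:
    """Hardened pattern: reject absolute input, resolve symlinks and "..",
    then compare path components (is_relative_to), never strings."""
    root = root.resolve(strict=True)
    if os.path.isabs(requested):
        raise PathEscape(requested)
    target = (root / requested).resolve()
    if not target.is_relative_to(root):
        raise PathEscape(requested)
    return target


def _outcome(resolver, root: Path, requested: str) -> str:
    """What the agent would actually get back: file content or a refusal."""
    try:
        return resolver(root, requested).read_text().strip()
    except PathEscape:
        return "rejected"


def demo() -> dict[str, tuple[str, str]]:
    """Build a constructed memory directory, a secret file OUTSIDE it and a
    symlink inside it that points at the secret, then run both resolvers over
    attacker-style inputs. Returns {requested: (naive_result, safe_result)}."""
    base = Path(tempfile.mkdtemp(prefix="memtool-demo-"))
    try:
        root = base / "memories"
        root.mkdir()
        (root / "notes.md").write_text("agent memory\n")
        secret = base / "secret.txt"            # constructed: outside the root
        secret.write_text("not for the agent\n")
        (root / "link").symlink_to(secret)      # symlink planted inside the root
        cases = ["notes.md", "../secret.txt", "link", "/etc/passwd"]
        return {
            requested: (
                _outcome(naive_resolve, root, requested),
                _outcome(safe_resolve, root, requested),
            )
            for requested in cases
        }
    finally:
        shutil.rmtree(base, ignore_errors=True)


if __name__ == "__main__":
    for requested, (naive, safe) in demo().items():
        print(f"{requested:16} naive={naive!r:22} safe={safe!r}")
```

The naive resolver blocks the absolute path only because os.path.join discards the root for it; the ".." input and the symlink both pass its prefix check and hand the agent the file outside its memory directory. The hardened version resolves against the real filesystem first, so a symlink or ".." that lands outside the root fails the component-wise containment test. The same check applies to any tool that turns model-supplied strings into file paths (memory stores, media fetchers, model artifact loaders).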