AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

- 1,621 AI/ML CVEs tracked
- 226 Critical
- 92 New this week
- 16 In CISA KEV

Latest AI Security Threats

Showing 20 of 1621 results.

| Severity | Flags | Title | ID | Score | EPSS | Categories | Product | Patch | CWE | Counts (unlabelled on page) | Notes |
|---|---|---|---|---|---|---|---|---|---|---|---|
| HIGH | | langsmith: security flaw enables exploitation | CVE-2026-25750 | 8.1 | 0.0% | Prompt Injection, Data Leakage, Code Execution, Framework, Agent, API | langsmith | | CWE-74 | 2.6K 9 | ATLAS |
| HIGH | | fickling: Allowlist Bypass evades input filtering | GHSA-5hwf-rc88-82xm | -- | | Supply Chain, Code Execution, Framework, Model | fickling | 0.1.9 | CWE-184 | 57 5 | ATLAS |
| HIGH | | fickling: Protection Bypass circumvents security controls | GHSA-wccx-j62j-r448 | -- | | Code Execution, Supply Chain, Auth Bypass, Framework, Model, Inference | fickling | 0.1.9 | CWE-693 | 57 5 | ATLAS |
| HIGH | | A vulnerability in NLTK versions up to and including 3.9.2 allows arbitrary file read via path traversal in multiple CorpusReader classes, including... | CVE-2026-0847 | 8.6 | 0.1% | | | | CWE-22 | | |
| HIGH | EXPLOIT AVAIL | bentoml: security flaw enables exploitation | CVE-2026-27905 | 7.8 | 0.0% | Code Execution, Framework, Agent, Model | bentoml | | CWE-59 | 23 6 | ATLAS |
| CRITICAL | | picklescan: Allowlist Bypass evades input filtering | GHSA-g38g-8gr9-h9xp | 9.8 | | Supply Chain, Code Execution, Framework, Model | picklescan | 1.0.4 | CWE-184 | 3 7 | ATLAS; 1 incident |
| CRITICAL | | picklescan: security flaw enables exploitation | GHSA-vvpj-8cmc-gx39 | 10.0 | | Supply Chain, Code Execution, Auth Bypass, Model, Framework | picklescan | 1.0.4 | CWE-183 | 3 8 | ATLAS |
| CRITICAL | | picklescan: Allowlist Bypass evades input filtering | GHSA-7wx9-6375-f5wh | 9.8 | | Supply Chain, Code Execution, Framework | picklescan | 1.0.4 | CWE-184 | 3 5 | ATLAS |
| HIGH | EXPLOIT AVAIL | gradio: SSRF allows internal network access | CVE-2026-28416 | 8.6 | 0.0% | Data Extraction, Code Execution, Framework, Model, Training Data | gradio | | CWE-918 | 679 9 | ATLAS |
| MEDIUM | | gradio: Info Disclosure leaks sensitive data | CVE-2026-28415 | 4.7 | 0.0% | Data Extraction, Code Execution, Auth Bypass, Framework, RAG, API | gradio | | CWE-200 | 679 7 | ATLAS |
| HIGH | EXPLOIT AVAIL, SCANNER | gradio: security flaw enables exploitation | CVE-2026-28414 | 7.5 | 3.2% | Code Execution, Data Extraction, Framework, API, Model | gradio | | CWE-36 | 679 9 | ATLAS |
| MEDIUM | EXPLOIT AVAIL | gradio: Weak Credentials allow account compromise | CVE-2026-27167 | 5.9 | 0.0% | Supply Chain, Model Poisoning, Code Execution, Framework, Agent, API | gradio | | CWE-522 | 679 8 | ATLAS |
| CRITICAL | EXPLOIT AVAIL | langflow: Code Injection enables RCE | CVE-2026-27966 | 9.8 | 36.6% | Prompt Injection, Code Execution, Framework, RAG, Agent | langflow | | CWE-94 | 12 | ATLAS |
| MEDIUM | | n8n: XSS enables session hijacking | CVE-2026-27578 | 5.4 | 0.0% | Prompt Injection, Data Extraction, Code Execution, Agent, RAG, API | n8n | | CWE-79 | 16 10 | ATLAS |
| CRITICAL | | n8n: Code Injection enables RCE | CVE-2026-27577 | 9.9 | 0.2% | Model Poisoning, Code Execution, Social Engineering, Agent, RAG, API | n8n | | CWE-94 | 16 9 | ATLAS |
| HIGH | | n8n: Code Injection enables RCE | CVE-2026-27498 | 8.8 | 0.6% | Model Poisoning, Code Execution, Agent, RAG, API | n8n | | CWE-94 | 16 10 | ATLAS |
| HIGH | | n8n: SQL Injection exposes database | CVE-2026-27497 | 8.8 | 0.1% | Model Poisoning, Code Execution, Agent, RAG, API | n8n | | CWE-89 | 16 9 | ATLAS |
| CRITICAL | | n8n: Code Injection enables RCE | CVE-2026-27495 | 9.9 | 0.1% | Code Execution, Social Engineering, Agent, RAG, API | n8n | | CWE-94 | 16 9 | ATLAS |
| CRITICAL | | n8n: security flaw enables exploitation | CVE-2026-27494 | 9.9 | 0.1% | Code Execution, Agent, RAG, API | n8n | | CWE-497 | 16 9 | ATLAS |
| CRITICAL | | n8n: Code Injection enables RCE | CVE-2026-27493 | 9.0 | 0.3% | Code Execution, Agent, RAG, API | n8n | | CWE-94 | 16 6 | ATLAS |
