AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

Summary counts at time of capture:

- 1,621 AI/ML CVEs tracked
- 226 rated Critical
- 92 new this week
- 16 listed in CISA KEV

Latest AI Security Threats

Showing 20 of 1621 results
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | CVE-2026-27794 | langgraph-checkpoint: Deserialization enables RCE | 6.6 | 0.4% | langgraph-checkpoint | Feb 25 |
| MEDI | CVE-2026-27795 | LangChain: SSRF allows internal network access | 4.1 | 0.0% | - | Feb 25 |
| MEDI | GHSA-mhc9-48gj-9gp3 | fickling: Allowlist Bypass evades input filtering | - | - | fickling | Feb 25 |
| HIGH | GHSA-mxhj-88fx-4pcv | fickling: security flaw enables exploitation | - | - | fickling | Feb 24 |
| CRIT | CVE-2026-2635 | mlflow: security flaw enables exploitation | 9.8 | 1.1% | mlflow | Feb 20 |
| UNKN | CVE-2026-2492 | TensorFlow: security flaw enables exploitation | - | 0.0% | - | Feb 20 |
| HIGH E | CVE-2026-2033 | mlflow: Path Traversal enables file access | 8.1 | 14.7% | mlflow | Feb 20 |
| HIGH | CVE-2026-2472 | google-cloud-aiplatform: XSS enables session hijacking | - | 0.1% | - | Feb 20 |
| MEDI E | CVE-2026-27482 | ray: Missing Auth allows unauthenticated access | 5.9 | 0.1% | ray | Feb 20 |
| LOW | GHSA-83pf-v6qq-pwmr | fickling: Allowlist Bypass evades input filtering | - | - | fickling | Feb 20 |
| HIGH | CVE-2026-27001 | OpenClaw: prompt injection via unsanitized workspace path | 7.8 | 0.0% | openclaw | Feb 20 |
| MEDI | CVE-2026-26972 | OpenClaw: path traversal allows arbitrary file write | 6.7 | 0.0% | openclaw | Feb 20 |
| HIGH | CVE-2026-26321 | OpenClaw: path traversal enables local file exfiltration | 7.5 | 0.0% | openclaw | Feb 19 |
| MEDI | CVE-2026-26320 | OpenClaw: UI deception enables arbitrary command execution | 6.5 | 0.0% | openclaw | Feb 19 |
| HIGH E | CVE-2026-26286 | sillytavern: SSRF allows internal network access | 8.5 | 0.0% | - | Feb 19 |
| CRIT | CVE-2026-26030 | semantic-kernel: Code Injection enables RCE | 10.0 | 0.1% | semantic-kernel | Feb 19 |
| LOW E | CVE-2026-24764 | OpenClaw: indirect prompt injection via Slack metadata | 3.7 | 0.0% | openclaw | Feb 19 |
| MEDI | CVE-2025-12343 | ffmpeg: security flaw enables exploitation | 5.5 | 0.0% | - | Feb 18 |
| HIGH | GHSA-97f8-7cmv-76j2 | picklescan: Allowlist Bypass evades input filtering | - | - | picklescan | Feb 18 |
| CRIT E | CVE-2026-2654 | smolagents: SSRF allows internal network access | 9.8 | 0.0% | smolagents | Feb 18 |

Cells shown as "-" were empty in the feed (no CVSS, EPSS, or package value published for that entry). The "E" marker after a severity rating appears in the feed as given and is not expanded here.

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
