AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,625
Critical: 230
New This Week: 87
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 1625 results
[HIGH] open-webui: auth bypass allows unrestricted model access
  CVE-2026-44556 | Score: 7.1
  Tags: Auth Bypass, DoS, Data Extraction, API, Inference, Model
  open-webui | Patch: 0.9.0 | CWE-284 | 8 ATLAS

[HIGH] open-webui: access control bypass via model chaining
  CVE-2026-44555 | Score: 7.6
  Tags: Auth Bypass, API, Model, Inference
  open-webui | Patch: 0.9.0 | CWE-862 | 4 ATLAS

[HIGH] open-webui: Redis cache poisoning enables cross-instance tool hijack
  CVE-2026-44552 | Score: 8.7
  Tags: Supply Chain, Data Extraction, Prompt Injection, Agent, Plugin, Framework
  open-webui | Patch: 0.9.0 | CWE-668 | 6 ATLAS

[HIGH] open-webui: stale Socket.IO role allows cross-user note R/W
  CVE-2026-44553 | Score: 8.1
  Tags: Auth Bypass, Data Extraction, Privacy Violation, API, Framework
  open-webui | Patch: 0.9.0 | CWE-384 | 5 ATLAS

[MEDIUM] open-webui: mass assignment enables cross-user folder injection
  CVE-2026-44550 | Score: 5.0
  Tags: Auth Bypass, Social Engineering, Privacy Violation, Framework, API
  open-webui | Patch: 0.9.0 | CWE-862 | 4 ATLAS

[CRITICAL] open-webui: LDAP auth bypass — full account takeover
  CVE-2026-44551 | Score: 9.1
  Tags: Auth Bypass, Data Extraction, Framework, API
  open-webui | Patch: 0.9.0 | CWE-287 | 4 ATLAS

[HIGH] open-webui: XSS in model descriptions steals session tokens
  CVE-2026-44721 | Score: 7.3
  Tags: Auth Bypass, Code Execution, Data Extraction, API, Framework
  open-webui | Patch: 0.9.0 | CWE-79 | 5 ATLAS

[HIGH] n8n-mcp: path traversal + SSRF exposes n8n API keys
  GHSA-8g7g-hmwm-6rv2 | Score: 8.3
  Tags: Auth Bypass, Data Extraction, Data Leakage, Agent, Plugin
  n8n-mcp | Patch: 2.50.1 | CWE-22 | 16 6 ATLAS

[AWAITING NVD] n8n-MCP: SSRF allows internal network access via webhook tools
  CVE-2026-44694 | Score: -- | EPSS 0.0%
  Tags: Data Extraction, Prompt Injection, Auth Bypass, Agent, Plugin
  n8n-mcp | Patch: 2.50.2 | CWE-367 | 16 5 ATLAS

[HIGH] LiteLLM: RCE via MCP test endpoint command injection
  CVE-2026-42271 | Score: 8.8 | EPSS 0.1%
  Tags: Code Execution, Auth Bypass, Framework, API, Inference
  litellm | CWE-77 | 4 5 ATLAS

[CRITICAL] [EXPLOIT ACTIVE] LiteLLM: SQL injection exposes LLM API credentials
  CVE-2026-42208 | Score: 9.8 | EPSS 37.4%
  Tags: Auth Bypass, Data Extraction, Supply Chain, API, Inference
  litellm | CWE-89 | 4 5 ATLAS

[AWAITING NVD] LiteLLM: SSTI in prompt template endpoint enables RCE
  CVE-2026-42203 | Score: -- | EPSS 0.0%
  Tags: Code Execution, Data Extraction, API, Inference
  litellm | CWE-1336 | 4 5 ATLAS

[MEDIUM] BentoML: symlink traversal exfiltrates host secrets at build
  CVE-2026-40610 | Score: 5.5
  Tags: Data Extraction, Supply Chain, Framework
  bentoml | Patch: 1.4.39 | CWE-59 | 23 4 ATLAS

[HIGH] diffusers: trust_remote_code bypass enables silent RCE
  CVE-2026-44513 | Score: 8.8
  Tags: Supply Chain, Code Execution, Framework, Model
  diffusers | Patch: 0.38.0 | CWE-94 | 392 4 ATLAS

[CRITICAL] vm2: sandbox escape via nesting:true enables RCE
  CVE-2026-44007 | Score: 9.1
  Tags: Code Execution, Auth Bypass, Agent, Framework
  vm2 | Patch: 3.11.1 | CWE-284 | 1.5K 5 ATLAS

[HIGH] diffusers: silent RCE via None.py trust_remote_code bypass
  GHSA-j7w6-vpvq-j3gm | Score: 8.8
  Tags: Code Execution, Supply Chain, Framework, Model
  diffusers | Patch: 0.38.0 | CWE-94 | 392 6 ATLAS

[HIGH] Aegra: cross-tenant IDOR hijacks user thread data
  CVE-2026-44504 | Score: --
  Tags: Auth Bypass, Data Extraction, Data Leakage, Framework, Agent
  aegra-api | Patch: 0.9.7 | CWE-285 | 3.1K 5 ATLAS

[CRITICAL] pytorch-lightning: supply chain, credential harvesting
  CVE-2026-44484 | Score: --
  Tags: Supply Chain, Data Extraction, Code Execution, Framework
  pytorch-lightning | CWE-506 | 1.6K 5 ATLAS

[MEDIUM] vercel: auth token leak in AI agent non-interactive mode
  CVE-2026-44479 | Score: 5.5
  Tags: Data Leakage, Auth Bypass, Agent, API
  CWE-200 | 5 ATLAS

[MEDIUM] @axonflow/openclaw: credential exposure via insecure file permissions
  GHSA-cqmh-pcgr-q42f | Score: 5.5
  Tags: Data Leakage, Auth Bypass, Privacy Violation, Plugin, Agent
  @axonflow/openclaw | Patch: 2.0.0 | CWE-552 | 4 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
