AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 570 results — Medium severity
IBM Langflow: SSRF enables internal network enumeration
CVE-2026-3340 openclaw: path traversal exposes host files via audio embed
GHSA-gfg9-5357-hv4c openclaw: auth bypass in owner command enforcement
GHSA-c28g-vh7m-fm7v vllm: uninitialized KV cache memory leaks inference data
CVE-2026-7141 Ollama: path traversal in tensor model transfer handler
CVE-2026-7020 openclaw: config guard bypass, persistent settings mutation
GHSA-7jm2-g593-4qrc openclaw: tool policy bypass via bundled MCP/LSP tools
GHSA-qrp5-gfw2-gxv4 OpenClaw: env injection exposes MiniMax API key
GHSA-h2vw-ph2c-jvwf openclaw: env var injection via MCP stdio config
GHSA-mj59-h3q9-ghfh openclaw: env namespace injection steers agent runtime
GHSA-hxvm-xjvf-93f3 openclaw: DM policy bypass via Feishu card-action callbacks
GHSA-72q8-jcmc-97wx openclaw: session key auth bypass in webhook routing
GHSA-2xcp-x87w-q377 n8n-mcp: credential exposure via HTTP transport logging
GHSA-wg4g-395p-mqv3 LangChain: SSRF redirect bypass exposes internal endpoints
CVE-2026-41481 BetterDocs: Auth bypass drains OpenAI API quota
CVE-2026-6393 n8n-mcp: bearer tokens exposed in HTTP transport logs
CVE-2026-41495 nbconvert: path traversal exfiltrates files via HTML export
CVE-2026-39378 nbconvert: path traversal enables arbitrary file write
CVE-2026-39377 FastChat: control flow flaw corrupts arena comparison
CVE-2026-6608 Langflow: MCP config injection via X-Forwarded-For header
CVE-2026-6599