AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,625

AI/ML CVEs Tracked

226

Critical

87

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 573 results — Medium severity

Severity CVE ID Summary CVSS EPSS Package Date

MEDI CVE-2026-3345 Langflow: path traversal allows arbitrary file read 6.5 0.1% langflow Apr 30 MEDI CVE-2026-4502 Langflow: path traversal enables arbitrary file write 6.5 0.1% langflow Apr 30 MEDI CVE-2026-3346 Langflow Desktop: stored XSS enables credential theft 6.4 0.0% langflow Apr 30 MEDI CVE-2026-3340 IBM Langflow: SSRF enables internal network enumeration 6.5 0.0% langflow Apr 30 MEDI GHSA-gfg9-5357-hv4c openclaw: path traversal exposes host files via audio embed — — openclaw Apr 29 MEDI GHSA-c28g-vh7m-fm7v openclaw: auth bypass in owner command enforcement — — openclaw Apr 29 MEDI E CVE-2026-7141 vllm: uninitialized KV cache memory leaks inference data 5.6 0.1% vllm Apr 27 MEDI E CVE-2026-7020 Ollama: path traversal in tensor model transfer handler 5.6 0.1% ollama Apr 26 MEDI GHSA-7jm2-g593-4qrc openclaw: config guard bypass, persistent settings mutation — — openclaw Apr 25 MEDI GHSA-qrp5-gfw2-gxv4 openclaw: tool policy bypass via bundled MCP/LSP tools — — openclaw Apr 25 MEDI GHSA-h2vw-ph2c-jvwf OpenClaw: env injection exposes MiniMax API key — — openclaw Apr 25 MEDI GHSA-mj59-h3q9-ghfh openclaw: env var injection via MCP stdio config — — openclaw Apr 25 MEDI GHSA-hxvm-xjvf-93f3 openclaw: env namespace injection steers agent runtime — — openclaw Apr 25 MEDI GHSA-72q8-jcmc-97wx openclaw: DM policy bypass via Feishu card-action callbacks — — openclaw Apr 25 MEDI GHSA-2xcp-x87w-q377 openclaw: session key auth bypass in webhook routing — — openclaw Apr 25 MEDI GHSA-wg4g-395p-mqv3 n8n-mcp: credential exposure via HTTP transport logging 4.3 — n8n-mcp Apr 25 MEDI CVE-2026-41481 LangChain: SSRF redirect bypass exposes internal endpoints 6.5 0.0% langchain Apr 24 MEDI CVE-2026-6393 BetterDocs: Auth bypass drains OpenAI API quota 4.3 0.0% — Apr 24 MEDI CVE-2026-41495 n8n-mcp: bearer tokens exposed in HTTP transport logs 5.3 0.0% n8n-mcp Apr 23 MEDI CVE-2026-39378 nbconvert: path traversal exfiltrates files via HTML export 6.5 0.0% nbconvert Apr 21

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial