AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
Severity CVE ID Summary CVSS EPSS Package Date
HIGH GHSA-p4h8-56qp-hpgv mcp-ssh: argument injection enables LLM-driven local RCE Apr 14 MEDI CVE-2026-35651 OpenClaw: ANSI injection spoof AI agent approval prompts 4.3 0.0% openclaw Apr 10 HIGH E CVE-2026-40217 LiteLLM: RCE via bytecode rewriting in guardrails API 8.8 0.2% litellm Apr 10 HIGH E CVE-2026-40116 PraisonAI: unauth WebSocket drains OpenAI API credits 7.5 0.1% praisonai Apr 9 HIGH E CVE-2026-40113 PraisonAI: arg injection injects env vars into Cloud Run 8.4 0.0% praisonai Apr 9 MEDI E CVE-2026-40112 PraisonAI: XSS via no-op HTML sanitizer in agent output 5.4 0.0% praisonai Apr 9 MEDI CVE-2026-40087 LangChain: template injection leaks object attributes 5.3 0.1% langchain-core Apr 9 HIGH CVE-2026-39974 n8n-MCP: SSRF exposes cloud metadata via MCP headers 8.5 0.0% Apr 9 MEDI E CVE-2026-5803 openai-realtime-ui: SSRF in API proxy endpoint 6.3 0.0% Apr 8 MEDI E CVE-2026-1163 lollms: sessions persist after password reset 4.1 0.0% lollms Apr 8 HIGH CVE-2026-3357 Langflow: deserialization RCE via FAISS component default 8.8 0.4% langflow Apr 8 MEDI CVE-2026-39398 openclaw-claude-bridge: sandbox bypass exposes CLI tools claude-code Apr 8 HIGH E CVE-2026-35485 text-generation-webui: unauthenticated path traversal file read 7.5 0.4% gradio Apr 7 MEDI E CVE-2026-33866 MLflow: auth bypass exposes model artifacts across experiments 0.0% mlflow Apr 7 CRIT E CVE-2026-35022 Claude Code: OS command injection, credential theft 9.8 0.5% Apr 6 HIGH E CVE-2026-35021 Claude Code CLI: shell injection enables RCE 7.8 0.0% Apr 6 HIGH E CVE-2026-35020 Claude Code CLI: OS command injection via TERMINAL env 8.4 0.1% claude-code Apr 6 UNKN E CVE-2026-34940 KubeAI: RCE via shell injection in Ollama startup probe 0.0% Apr 6 MEDI CVE-2026-5530 Ollama: SSRF in Model Pull API enables network pivot 6.3 0.0% Apr 5 MEDI GHSA-mvv8-v4jj-g47j Directus: cleartext storage exposes AI API keys 6.5 Apr 4

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial