AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 512 results
CVE-2026-41686 @anthropic-ai/sdk: insecure file perms expose agent memory
CVE-2026-41680 marked: infinite recursion DoS crashes Node.js via OOM
GHSA-gfg9-5357-hv4c openclaw: path traversal exposes host files via audio embed
GHSA-c28g-vh7m-fm7v openclaw: auth bypass in owner command enforcement
CVE-2026-42232 n8n: XML Node prototype pollution → RCE
CVE-2026-42231 n8n: prototype pollution → RCE via Git node SSH
CVE-2026-42235 n8n: stored XSS via MCP OAuth steals agent sessions
CVE-2026-42226 n8n: IDOR exposes cross-user API key exfiltration
CVE-2026-42234 n8n: Python sandbox escape enables container RCE
CVE-2026-42227 n8n: IDOR leaks cross-project variables via API key
CVE-2026-42236 n8n: unauthenticated MCP endpoint causes memory DoS
CVE-2026-42228 n8n: WebSocket auth bypass hijacks AI agent workflows
CVE-2026-42229 n8n: SQL injection in SeaTable node leaks restricted rows
CVE-2026-42230 n8n: MCP OAuth open redirect enables phishing
CVE-2026-42233 n8n: SQL injection in Oracle node allows data exfiltration
CVE-2026-42237 n8n: SQL injection in Snowflake/MySQL nodes bypasses fix
CVE-2026-7141 vllm: uninitialized KV cache memory leaks inference data
GHSA-7jm2-g593-4qrc openclaw: config guard bypass, persistent settings mutation
GHSA-qrp5-gfw2-gxv4 openclaw: tool policy bypass via bundled MCP/LSP tools
GHSA-h2vw-ph2c-jvwf OpenClaw: env injection exposes MiniMax API key