AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,625 AI/ML CVEs Tracked
230 Critical
87 New This Week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 569 results — Medium severity
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Medium E | CVE-2026-6599 | Langflow: MCP config injection via X-Forwarded-For header | 6.3 | 0.0% | langflow | Apr 20 |
| Medium E | CVE-2026-6598 | Langflow: cleartext auth storage exposes API keys | 4.3 | 0.0% | langflow | Apr 20 |
| Medium | GHSA-f934-5rqf-xx47 | OpenClaw: path traversal in memory_get reads arbitrary workspace files | | | openclaw | Apr 17 |
| Medium | CVE-2026-35603 | Claude Code: config hijack via unprotected ProgramData dir | | 0.0% | @anthropic-ai/claude-code | Apr 17 |
| Medium | GHSA-f7fh-qg34-x2xh | openclaw: CDP SSRF enables internal host pivot | | | openclaw | Apr 17 |
| Medium | GHSA-jhpv-5j76-m56h | OpenClaw: auth bypass leaks host files via media path | | | openclaw | Apr 17 |
| Medium | GHSA-536q-mj95-h29h | openclaw: SSRF bypass via browser navigation guard gap | | | openclaw | Apr 17 |
| Medium | GHSA-qmwg-qprg-3j38 | openclaw: CDP pivot bypasses file:// navigation guards | | | openclaw | Apr 17 |
| Medium | GHSA-527m-976r-jf79 | openclaw: SSRF bypass in existing browser session routes | | | openclaw | Apr 17 |
| Medium | GHSA-rj2p-j66c-mgqh | openclaw: SSRF policy bypass in browser tab actions | | | openclaw | Apr 17 |
| Medium | GHSA-f3h5-h452-vp3j | openclaw: insufficient authz allows agent config persistence | | | openclaw | Apr 17 |
| Medium | GHSA-jf25-7968-h2h5 | openclaw: path traversal bypasses workspace filesystem guard | | | openclaw | Apr 17 |
| Medium | GHSA-53vx-pmqw-863c | openclaw: Browser SSRF exposes internal services by default | | | openclaw | Apr 17 |
| Medium | GHSA-xq94-r468-qwgj | openclaw: DNS rebinding bypasses browser SSRF protection | | | openclaw | Apr 17 |
| Medium | GHSA-2767-2q9v-9326 | openclaw: QQBot SSRF leaks internal service responses | | | openclaw | Apr 17 |
| Medium | GHSA-7wv4-cc7p-jhxc | openclaw: .env injection hijacks agent runtime config | | | openclaw | Apr 17 |
| Medium | GHSA-c9h3-5p7r-mrjh | openclaw: path traversal bypasses media sandbox | | | openclaw | Apr 17 |
| Medium | GHSA-49cg-279w-m73x | openclaw: auth bypass via empty approver list | | | openclaw | Apr 17 |
| Medium | GHSA-7g8c-cfr3-vqqr | openclaw: trust escalation via unsanitized agent hook events | | | openclaw | Apr 17 |
| Medium | GHSA-j6c7-3h5x-99g9 | openclaw: OS command injection via shell env-argv bypass | | | openclaw | Apr 17 |

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
