AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

Feed summary:
- 1,625 AI/ML CVEs tracked
- 230 Critical
- 87 new this week
- 16 in CISA KEV

Latest AI Security Threats

Showing 20 of 1625 results
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH | CVE-2026-44334 | praisonai: RCE via unpatched tool_override exec_module | 8.4 | 0.0% | praisonai | May 6 |
| HIGH E | CVE-2026-44335 | praisonaiagents: SSRF via URL parser confusion bypass | | 0.0% | praisonaiagents | May 6 |
| HIGH E | CVE-2026-44244 | GitPython: git config injection enables hook RCE | 7.8 | 0.0% | GitPython | May 6 |
| MEDIUM | CVE-2026-44223 | vLLM: speculative decoding DoS via penalty params | 6.5 | | vllm | May 6 |
| HIGH | CVE-2026-42557 | JupyterLab: one-click RCE via notebook HTML cell output | | | notebook | May 6 |
| HIGH E | CVE-2026-33079 | mistune: ReDoS exposes Jupyter/AI services to DoS | | 0.0% | mistune | May 6 |
| MEDIUM | CVE-2026-44222 | vLLM: token injection DoS via multimodal placeholders | 6.5 | | vllm | May 5 |
| LOW | CVE-2026-44220 | ciguard: symlink traversal exposes secrets via MCP agent | | | | May 5 |
| HIGH | CVE-2026-42266 | JupyterLab: Extension allow-list bypass enables privesc | 8.8 | | jupyterlab | May 5 |
| MEDIUM | CVE-2026-43901 | wireshark-mcp: path traversal enables arbitrary file write via MCP | 6.8 | | | May 5 |
| HIGH E | CVE-2026-42079 | PPTAgent: eval injection enables RCE via LLM prompt injection | 8.6 | 0.0% | | May 5 |
| HIGH | GHSA-cwj3-vqpp-pmxr | openclaw: Model bypasses authz to persist unsafe config | 8.8 | | openclaw | May 5 |
| HIGH | GHSA-r39h-4c2p-3jxp | OpenClaw: RCE via malicious repo setup-api.js | 7.8 | | openclaw | May 5 |
| MEDIUM | GHSA-q8ff-7ffm-m3r9 | openclaw: stale webhook secret survives credential rotation | 6.0 | | openclaw | May 5 |
| CRITICAL | CVE-2026-42048 | Langflow: path traversal allows arbitrary directory deletion | 9.6 | | langflow | May 5 |
| MEDIUM | CVE-2026-40864 | JupyterHub: CSRF bypass on spawn and share endpoints | 5.4 | | jupyterhub | May 5 |
| MEDIUM | CVE-2026-42045 | LobeChat: XSS-to-RCE via exposed Electron IPC | 6.2 | | @lobehub/lobehub | May 5 |
| LOW E | CVE-2026-7847 | Langchain-Chatchat: predictable file IDs leak uploaded files | 2.6 | 0.0% | langchain-chatchat | May 5 |
| MEDIUM | CVE-2026-40934 | jupyter-server: auth cookie survives password reset | 6.8 | 0.1% | jupyter-server | May 5 |
| HIGH | CVE-2026-40110 | Jupyter Server: CORS bypass via regex anchor omission | | 0.1% | jupyter-server | May 5 |

Blank cells are blank on the feed itself (no CVSS, EPSS or package recorded). The "E" badge shown beside some severities is reproduced as printed.
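A feed like this is only useful once it is intersected with what you actually run. The script below is an added example, not code from this site: it transcribes a subset of the rows above, matches the Package column against a `pip freeze`-style inventory using PEP 503 name normalization (so `GitPython`, `vLLM` and `jupyter_server` line up with the feed's spelling), and orders the hits by severity band, then CVSS, then EPSS. The inventory and its version numbers are constructed for illustration. The feed shows no affected-version ranges, so a name match means "open the advisory and check the range", not "confirmed vulnerable".

```python
"""Triage rows of a CVE feed against an installed-package inventory.

Added illustration, not the feed site's own code. The FEED rows are
transcribed from the table on this page; SAMPLE_FREEZE is a constructed
`pip freeze` snapshot with invented versions. Matching is by package name
only, because the feed lists no affected-version ranges.
"""
import re
from dataclasses import dataclass
from typing import List, Optional


@dataclass(frozen=True)
class FeedRow:
    severity: str
    cve_id: str
    summary: str
    cvss: Optional[float]
    epss: Optional[float]      # fraction: 0.001 is the feed's "0.1%"
    package: Optional[str]     # exactly as printed in the Package column


# Subset of the feed table above (package names, scores as shown there).
FEED = [
    FeedRow("HIGH", "CVE-2026-44334", "praisonai: RCE via unpatched tool_override exec_module", 8.4, 0.0, "praisonai"),
    FeedRow("HIGH", "CVE-2026-44244", "GitPython: git config injection enables hook RCE", 7.8, 0.0, "GitPython"),
    FeedRow("MEDIUM", "CVE-2026-44223", "vLLM: speculative decoding DoS via penalty params", 6.5, None, "vllm"),
    FeedRow("HIGH", "CVE-2026-42557", "JupyterLab: one-click RCE via notebook HTML cell output", None, None, "notebook"),
    FeedRow("LOW", "CVE-2026-44220", "ciguard: symlink traversal exposes secrets via MCP agent", None, None, None),
    FeedRow("CRITICAL", "CVE-2026-42048", "Langflow: path traversal allows arbitrary directory deletion", 9.6, None, "langflow"),
    FeedRow("MEDIUM", "CVE-2026-42045", "LobeChat: XSS-to-RCE via exposed Electron IPC", 6.2, None, "@lobehub/lobehub"),
    FeedRow("MEDIUM", "CVE-2026-40934", "jupyter-server: auth cookie survives password reset", 6.8, 0.001, "jupyter-server"),
    FeedRow("HIGH", "CVE-2026-40110", "Jupyter Server: CORS bypass via regex anchor omission", None, 0.001, "jupyter-server"),
]

SEVERITY_RANK = {"CRITICAL": 4, "HIGH": 3, "MEDIUM": 2, "LOW": 1}


def normalize_pypi(name: str) -> str:
    """PEP 503 normalization: case-insensitive; runs of '-', '_' and '.' become '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def parse_pip_freeze(text: str) -> dict:
    """Map normalized package name -> pinned version from `pip freeze` output."""
    inventory = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "==" not in line:
            continue  # comments, blanks, editable/VCS installs: nothing to pin against
        name, version = line.split("==", 1)
        inventory[normalize_pypi(name)] = version
    return inventory


def match_feed(feed: List[FeedRow], inventory: dict) -> List[FeedRow]:
    """Rows whose Package column names an installed PyPI package.

    Rows with no package, and npm scoped names such as '@lobehub/lobehub',
    are skipped: they cannot match a Python inventory.
    """
    hits = []
    for row in feed:
        if not row.package or row.package.startswith("@"):
            continue
        if normalize_pypi(row.package) in inventory:
            hits.append(row)
    return hits


def triage_key(row: FeedRow):
    """Sort key: severity band, then CVSS, then EPSS; missing scores sort lowest."""
    return (SEVERITY_RANK.get(row.severity, 0), row.cvss or 0.0, row.epss or 0.0)


def triage(feed: List[FeedRow], freeze_text: str) -> List[str]:
    """CVE IDs naming an installed package, highest-priority first."""
    hits = match_feed(feed, parse_pip_freeze(freeze_text))
    return [r.cve_id for r in sorted(hits, key=triage_key, reverse=True)]


# Constructed inventory; the versions are invented and not known to be affected.
SAMPLE_FREEZE = """\
gitpython==3.1.0
jupyter_server==2.0.0
notebook==7.0.0
vLLM==0.6.0
requests==2.31.0
"""

if __name__ == "__main__":
    for cve in triage(FEED, SAMPLE_FREEZE):
        print(cve)
```

The ordering puts a HIGH row with no CVSS above a MEDIUM row with 6.8, which is deliberate: a missing score is unknown risk, not zero risk, so the severity band decides first and CVSS/EPSS only break ties within it. Anything in CISA KEV would sit above all of this; the feed flags KEV membership in its counters, so add that as a leading key once you pull it per row.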
