AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 resultsJupyter Server: path traversal leaks sibling directories
CVE-2026-35397 jupyter-server: Open redirect enables credential phishing
CVE-2025-61669 Langchain-Chatchat: TOCTOU race allows silent file overwrite
CVE-2026-7846 Langchain-Chatchat: weak image hash allows integrity bypass
CVE-2026-7845 Langchain-Chatchat: auth bypass on file service endpoints
CVE-2026-7844 OpenClaw: symlink traversal exposes host filesystem
CVE-2026-43570 openclaw: auth bypass exposes Gateway bootstrap config
GHSA-93rg-2xm5-2p9v openclaw: TOCTOU race allows out-of-sandbox file read
GHSA-5h3g-6xhh-rg6p openclaw: TOCTOU sandbox escape via symlink swap
GHSA-wppj-c6mr-83jj OpenClaw: exec allowlist bypass allows hidden shell code
GHSA-x3h8-jrgh-p8jx openclaw: MCP owner-context spoofing, privilege escalation
GHSA-r6xh-pqhr-v4xh OpenClaw: .env injection redirects connector endpoints
GHSA-55cf-xx38-4p9p openclaw: ACP child session security envelope bypass
GHSA-q3jj-46pq-826r openclaw: SSRF bypass via Zalo plugin photo URLs
GHSA-2hh7-c75g-qj2r OpenClaw: sender allowlist bypass via Slack thread context
CVE-2026-41358 Ollama: heap OOB read leaks API keys and chat data
CVE-2026-7482 Langflow: eval() code injection → remote code execution
CVE-2026-7700 Langflow: command injection in code parser enables RCE
CVE-2026-7687 SGLang: deserialization in tokenizer loader enables RCE
CVE-2026-7669 Langflow: RCE exposes API keys and DB credentials
CVE-2026-6543 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial