AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 1092 results — no patch
Severity CVE ID Summary CVSS EPSS Package Date
CRIT E CVE-2026-35216 Budibase: Unauthenticated RCE as root via webhook 9.1 0.6% Apr 4 HIGH E CVE-2026-35394 mobile-mcp: intent injection enables device control via AI agent 8.3 0.0% Apr 4 MEDI CVE-2026-34052 ltiauthenticator: OAuth nonce leak causes server DoS 5.9 0.1% Apr 3 MEDI CVE-2026-33709 JupyterHub: open redirect enables post-login phishing 0.0% Apr 3 HIGH CVE-2026-33175 oauthenticator: auth bypass enables JupyterHub account takeover 8.8 0.1% Apr 3 CRIT E CVE-2026-0545 MLflow: auth bypass in job API enables unauthenticated RCE 9.1 5.5% mlflow Apr 3 HIGH CVE-2026-35175 Ajenti: missing authz lets any user install packages 0.0% Apr 3 MEDI CVE-2026-34760 vLLM: audio downmix mismatch enables adversarial input 5.9 0.1% Apr 2 UNKN CVE-2026-22561 Claude Setup: DLL search-order hijacking LPE 0.0% Mar 31 CRIT E CVE-2026-0596 MLflow: command injection via model_uri in mlserver mode 9.6 0.2% Mar 31 UNKN CVE-2026-4399 1millionbot Millie: Boolean prompt injection bypasses restrictions 0.1% Mar 31 CRIT GHSA-955r-262c-33jc telnyx: PyPI supply chain attack steals cloud creds Mar 30 HIGH E CVE-2026-29872 awesome-llm-apps MCP Agent: cross-session credential theft 8.2 0.1% Mar 30 UNKN CVE-2026-2287 CrewAI: Docker sandbox fallback enables RCE 0.1% Mar 30 UNKN CVE-2026-2286 CrewAI: SSRF via unvalidated RAG tool URLs exposes internal services 0.1% Mar 30 UNKN CVE-2026-2285 CrewAI: arbitrary file read via JSON loader tool 0.2% Mar 30 UNKN E CVE-2026-2275 CrewAI: RCE via Docker fallback in CodeInterpreter 0.0% Mar 30 LOW E CVE-2026-4993 OpenUI: hard-coded LiteLLM master key credential leak 3.3 0.0% Mar 28 MEDI GHSA-h8r8-wccr-v5f2 DOMPurify: mXSS bypass achieves XSS via parse-context switch Mar 27 HIGH E CVE-2026-33989 @mobilenext/mobile-mcp: path traversal via AI agent tool 8.1 0.0% Mar 27

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial