AI Security Threat Feed
Latest CVEs and GitHub Security Advisories (GHSA) affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Dashboard counters (values not captured in this copy): AI/ML CVEs Tracked, Critical, New This Week, In CISA KEV.
Latest AI Security Threats
Showing 20 of 199 results (filter: High severity, has patch)
GHSA-7437-7hg8-frrw OpenClaw: env var injection enables host RCE
GHSA-jf56-mccx-5f3f OpenClaw: wake hook trust violation elevates to System prompt
GHSA-gfmx-pph7-g46x openclaw: trust boundary bypass enables prompt injection
GHSA-4ggg-h7ph-26qr n8n-mcp: authenticated SSRF leaks cloud metadata
CVE-2026-39891 praisonai: SSTI enables RCE via agent instructions
CVE-2026-39889 PraisonAI: unauth A2U stream leaks all agent activity
GHSA-69x8-hrgq-fjj8 LiteLLM: auth bypass chain enables full privilege escalation
GHSA-89gg-p5r5-q6r4 MONAI: pickle deserialization RCE in Auto3DSeg
GHSA-vfw7-6rhc-6xxg openclaw: env var injection via workspace config
CVE-2026-39308 PraisonAI: recipe registry path traversal file write
CVE-2026-39306 PraisonAI: recipe path traversal allows arbitrary file write
CVE-2026-39307 PraisonAI: Zip Slip enables arbitrary file write / RCE
CVE-2026-34511 OpenClaw: PKCE verifier leak enables OAuth token theft
CVE-2026-35044 BentoML: malicious bento archive RCE via Jinja2 SSTI
CVE-2026-35043 BentoML: cmd injection RCE on cloud build infra
GHSA-q56x-g2fj-4rj6 onnx: TOCTOU symlink following enables arbitrary file write
CVE-2026-34954 praisonaiagents: SSRF leaks cloud IAM credentials
CVE-2026-34955 PraisonAI: sandbox escape via shell=True blocklist bypass
CVE-2026-34936 PraisonAI: SSRF via api_base steals cloud IAM credentials
CVE-2026-34937 PraisonAI: OS command injection via run_python() shell escape