AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severityFlowise: MIME bypass enables persistent Node.js web shell RCE
GHSA-rh7v-6w34-w2rr Flowise: unauthenticated RCE via FILE-STORAGE bypass
GHSA-cvrr-qhgw-2mm6 Flowise: unauth API exposes plaintext API keys and tokens
GHSA-4jpm-cgx2-8h37 Flowise: Mass Assignment allows cross-tenant org takeover
GHSA-48m6-ch88-55mj Flowise: prompt injection RCE via AirtableAgent
GHSA-f228-chmx-v6j6 LangChain-ChatChat: RCE via unauthenticated MCP interface
CVE-2026-30617 mcp-ssh: argument injection enables LLM-driven local RCE
GHSA-p4h8-56qp-hpgv Keras: safe_mode bypass allows RCE via model deserialization
CVE-2026-1462 n8n-mcp: unauthenticated HTTP endpoints enable DoS + recon
GHSA-75hx-xj24-mqrw PraisonAI: untrusted tools.py import enables RCE
GHSA-g985-wjh9-qxxc PraisonAI: unauthenticated SSRF via unvalidated webhook_url
CVE-2026-40114 praisonaiagents: SSRF in web_crawl exposes cloud metadata
CVE-2026-40160 praisonaiagents: CORS bypass enables silent agent RCE
GHSA-x462-jjpc-q4q4 PraisonAI: auto tools.py load enables local RCE
CVE-2026-40156 PraisonAI: hardcoded approval bypass enables RCE
GHSA-qwgj-rrpj-75xm PraisonAI: AST sandbox bypass enables host RCE
CVE-2026-40158 praisonaiagents: env var expansion exposes production secrets
CVE-2026-40153 PraisonAI: auth bypass disables agent safety controls
CVE-2026-40149 LiteLLM: RCE via bytecode rewriting in guardrails API
CVE-2026-40217 PraisonAIAgents: SSRF exposes cloud metadata via web_crawl
CVE-2026-40150 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial