AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,625
AI/ML CVEs Tracked
230
Critical
87
New This Week
16
In CISA KEV
Latest AI Security Threats
Showing 20 of 1625 results Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2026-35397 Jupyter Server: path traversal leaks sibling directories 7.1 0.0% jupyter-server May 5 MEDI E CVE-2025-61669 jupyter-server: Open redirect enables credential phishing — 0.0% jupyter-server May 5 LOW E CVE-2026-7846 Langchain-Chatchat: TOCTOU race allows silent file overwrite 2.6 0.0% langchain-chatchat May 5 LOW E CVE-2026-7845 Langchain-Chatchat: weak image hash allows integrity bypass 2.6 0.0% langchain-chatchat May 5 MEDI E CVE-2026-7844 Langchain-Chatchat: auth bypass on file service endpoints 6.3 0.0% — May 5 MEDI CVE-2026-43570 OpenClaw: symlink traversal exposes host filesystem 6.5 0.1% openclaw May 5 MEDI GHSA-93rg-2xm5-2p9v openclaw: auth bypass exposes Gateway bootstrap config — — openclaw May 4 MEDI GHSA-5h3g-6xhh-rg6p openclaw: TOCTOU race allows out-of-sandbox file read — — openclaw May 4 HIGH GHSA-wppj-c6mr-83jj openclaw: TOCTOU sandbox escape via symlink swap — — openclaw May 4 MEDI GHSA-x3h8-jrgh-p8jx OpenClaw: exec allowlist bypass allows hidden shell code — — openclaw May 4 HIGH GHSA-r6xh-pqhr-v4xh openclaw: MCP owner-context spoofing, privilege escalation — — openclaw May 4 MEDI GHSA-55cf-xx38-4p9p OpenClaw: .env injection redirects connector endpoints — — openclaw May 4 MEDI GHSA-q3jj-46pq-826r openclaw: ACP child session security envelope bypass — — openclaw May 4 MEDI GHSA-2hh7-c75g-qj2r openclaw: SSRF bypass via Zalo plugin photo URLs — — openclaw May 4 MEDI CVE-2026-41358 OpenClaw: sender allowlist bypass via Slack thread context 5.4 0.0% openclaw May 4 CRIT CVE-2026-7482 Ollama: heap OOB read leaks API keys and chat data 9.1 0.1% ollama May 4 MEDI CVE-2026-7700 Langflow: eval() code injection → remote code execution 6.3 0.0% langflow May 3 MEDI CVE-2026-7687 Langflow: command injection in code parser enables RCE 6.3 1.4% langflow May 3 MEDI E CVE-2026-7669 SGLang: deserialization in tokenizer loader enables RCE 5.6 0.1% sglang May 2 HIGH CVE-2026-6543 Langflow: RCE exposes API keys and DB credentials 8.8 0.0% langflow Apr 30 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial