AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 1625 results
Langflow: IDOR exposes cross-tenant flow data and deletion (CVE-2026-6542)
Langflow: path traversal allows arbitrary file read (CVE-2026-3345)
Langflow Desktop: IDOR leaks user images unauthenticated (CVE-2026-4503)
Langflow: path traversal enables arbitrary file write (CVE-2026-4502)
Langflow Desktop: stored XSS enables credential theft (CVE-2026-3346)
IBM Langflow: SSRF enables internal network enumeration (CVE-2026-3340)
n8n-mcp: SSRF bypass via IPv6 leaks API keys (CVE-2026-42449)
Jupyter Notebook: stored XSS enables full account takeover (CVE-2026-40171)
@anthropic-ai/sdk: insecure file perms expose agent memory (CVE-2026-41686)
marked: infinite recursion DoS crashes Node.js via OOM (CVE-2026-41680)
openclaw: path traversal exposes host files via audio embed (GHSA-gfg9-5357-hv4c)
openclaw: auth bypass in owner command enforcement (GHSA-c28g-vh7m-fm7v)
n8n: XML Node prototype pollution → RCE (CVE-2026-42232)
n8n: prototype pollution → RCE via Git node SSH (CVE-2026-42231)
n8n: stored XSS via MCP OAuth steals agent sessions (CVE-2026-42235)
n8n: IDOR exposes cross-user API key exfiltration (CVE-2026-42226)
n8n: Python sandbox escape enables container RCE (CVE-2026-42234)
n8n: IDOR leaks cross-project variables via API key (CVE-2026-42227)
n8n: unauthenticated MCP endpoint causes memory DoS (CVE-2026-42236)
n8n: WebSocket auth bypass hijacks AI agent workflows (CVE-2026-42228)