AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs Tracked
225 Critical
77 New This Week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 512 results (filter: has patch). Each entry lists severity, title, identifier, CVSS score ("--" where none has been assigned), EPSS where available, affected package, first patched version and CWE.
MEDIUM | EXPLOIT AVAIL
A security vulnerability has been detected in langflow-ai langflow up to 1.8.3. The affected element is the function create_project/encrypt_auth_settings of...
CVE-2026-6598 | CVSS 4.3 | EPSS 0.0% | langflow | Patch: 1.9.1 | CWE-312

HIGH | EXPLOIT AVAIL
A security flaw has been discovered in langflow-ai langflow up to 1.1.0. This issue affects the function create_upload_file of the file...
CVE-2026-6596 | CVSS 7.3 | EPSS 0.1% | langflow-base | Patch: 1.9.1 | CWE-284

CRITICAL
Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability
GHSA-v38x-c887-992f | CVSS: -- | flowise-components | Patch: 3.1.0 | CWE-184

MEDIUM
OpenClaw: QMD memory_get restricts reads to canonical or indexed memory paths
GHSA-f934-5rqf-xx47 | CVSS: -- | openclaw | Patch: 2026.4.15 | CWE-22 4

HIGH
OpenClaw: Webchat media embedding enforces local-root containment for tool-result files
GHSA-mr34-9552-qr95 | CVSS: -- | openclaw | Patch: 2026.4.15 | CWE-22 4

CRITICAL
OpenClaw: Feishu webhook and card-action validation now fail closed
GHSA-xh72-v6v9-mwhc | CVSS: -- | openclaw | Patch: 2026.4.15 | CWE-287 4

HIGH
OpenClaw: Matrix room control-command authorization no longer trusts DM pairing-store entries
GHSA-2gvc-4f3c-2855 | CVSS: -- | openclaw | Patch: 2026.4.15 | CWE-863 4

HIGH
OpenClaw: Gateway HTTP endpoints re-resolve bearer auth after SecretRef rotation
GHSA-xmxx-7p24-h892 | CVSS: -- | openclaw | Patch: 2026.4.15 | CWE-324 4

HIGH
PraisonAI: SQL Injection via unvalidated `table_prefix` in 9 conversation store backends (incomplete fix for CVE-2026-40315)
GHSA-rg3h-x3jw-7jm5 | CVSS 8.1 | praisonaiagents | Patch: 1.6.8 | CWE-89 11

CRITICAL
Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI
GHSA-9qhq-v63v-fv3j | CVSS 9.8 | praisonai | Patch: 4.5.149 | CWE-78 1

MEDIUM
Claude Code: Insecure System-Wide Configuration Loading Enables Local Privilege Escalation on Windows
CVE-2026-35603 | CVSS: -- | EPSS 0.0% | @anthropic-ai/claude-code | Patch: 2.1.75 | CWE-426

MEDIUM
OpenClaw: CDP /json/version WebSocket URL could pivot to untrusted second-hop targets
GHSA-f7fh-qg34-x2xh | CVSS: -- | openclaw | Patch: 2026.4.5 | CWE-918 4

MEDIUM
OpenClaw: Sender policy bypass in host media attachment reads allows unauthorized local file disclosure
GHSA-jhpv-5j76-m56h | CVSS: -- | openclaw | Patch: 2026.4.10 | CWE-863 4

HIGH
OpenClaw: QQBot media tags could read arbitrary local files through reply text
GHSA-66r7-m7xm-v49h | CVSS: -- | openclaw | Patch: 2026.4.10 | CWE-22 4

HIGH
OpenClaw: busybox and toybox applet execution weakened exec approval binding
GHSA-2cq5-mf3v-mx44 | CVSS: -- | openclaw | Patch: 2026.4.12 | CWE-863 4

HIGH
OpenClaw: Matrix profile config persistence was reachable from operator.write message tools
GHSA-7jp6-r74r-995q | CVSS: -- | openclaw | Patch: 2026.4.10 | CWE-266 4

HIGH
OpenClaw: Sandboxed agents could escape exec routing via host=node override
GHSA-736r-jwj6-4w23 | CVSS: -- | openclaw | Patch: 2026.4.10 | CWE-863 4

MEDIUM
OpenClaw: Browser press/type interaction routes missed complete navigation guard coverage
GHSA-536q-mj95-h29h | CVSS: -- | openclaw | Patch: 2026.4.10 | CWE-918 4

MEDIUM
OpenClaw: Browser interaction routes could pivot into local CDP and regain file reads
GHSA-qmwg-qprg-3j38 | CVSS: -- | openclaw | Patch: 2026.4.9 | CWE-693 4

HIGH
OpenClaw: Workspace provider auth choices could auto-enable untrusted provider plugins
GHSA-939r-rj45-g2rj | CVSS: -- | openclaw | Patch: 2026.4.9 | CWE-829 4
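Three of the OpenClaw entries above (QMD memory_get, webchat media embedding, QQBot media tags) are CWE-22 path containment bugs: a tool or channel handed a file path that was supposed to stay under a local root, and the check did not hold. The block below is an added example, not OpenClaw's code, showing the general technique and the classic mistake side by side: a lexical normalise-then-startswith check versus resolving the path on disk and testing containment component-wise. The directory layout (a `memory` root, a sibling `memory-other` directory, an in-tree symlink to a file outside the root) is constructed inside a temporary directory for the demonstration.

```python
import os
import tempfile
from pathlib import Path
from typing import Dict, Optional


def naive_check(root: Path, requested: str) -> bool:
    # Common but insufficient: lexically normalise, then string-prefix test.
    # It catches a plain "../" but still accepts a symlink that points out of
    # the tree and any sibling directory whose name merely starts with the root's.
    root_real = root.resolve(strict=True)
    joined = os.path.normpath(os.path.join(str(root_real), requested))
    return joined.startswith(str(root_real))


def resolve_within_root(root: Path, requested: str) -> Optional[Path]:
    """Return the canonical on-disk path for `requested` only if it stays inside
    `root` after symlinks and ".." are resolved; return None otherwise."""
    root_real = root.resolve(strict=True)
    req = Path(requested)
    if req.is_absolute():
        return None  # a memory/tool-result store has no business with absolute paths
    candidate = (root_real / req).resolve()  # follows symlinks, collapses ".."
    try:
        candidate.relative_to(root_real)  # component-wise containment, not a string prefix
    except ValueError:
        return None
    return candidate


def demo_paths() -> Dict[str, Dict[str, bool]]:
    """Build a constructed layout in a temp dir and compare both checks per request."""
    with tempfile.TemporaryDirectory() as tmp:
        base = Path(tmp)
        root = base / "memory"
        (root / "notes").mkdir(parents=True)
        (root / "notes" / "today.md").write_text("constructed note")
        (base / "secret.txt").write_text("file outside the root")
        (base / "memory-other").mkdir()
        (base / "memory-other" / "x.txt").write_text("sibling directory")
        (root / "link").symlink_to(base / "secret.txt")  # in-tree link, out-of-tree target
        requests = [
            "notes/today.md",
            "notes/../notes/today.md",
            "../secret.txt",
            "../memory-other/x.txt",
            "link",
            "/etc/passwd",
        ]
        return {
            r: {"naive": naive_check(root, r),
                "contained": resolve_within_root(root, r) is not None}
            for r in requests
        }
```

Run `demo_paths()` and compare the two columns: the naive check wrongly accepts `../memory-other/x.txt` (string prefix matches the sibling directory) and `link` (the symlink target is never looked at), while `resolve_within_root` rejects both and still admits the legitimate `notes/../notes/today.md`. The same resolve-then-`relative_to` shape is what a "canonical path" or "local-root containment" fix amounts to.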
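The Feishu webhook entry (CWE-287, "validation now fail closed") names a pattern worth seeing in code: a signature check that quietly accepts requests when the shared secret or the signature header is absent. The block below is an added example, not OpenClaw's code, and it assumes a generic hex HMAC-SHA256 over the raw body rather than Feishu's actual scheme. It places the fail-open verifier beside the fail-closed one and exercises both with a constructed card-action payload.

```python
import hashlib
import hmac
from typing import Dict, Optional


def sign_body(body: bytes, secret: bytes) -> str:
    """Sender side: hex HMAC-SHA256 over the raw request body (assumed scheme)."""
    return hmac.new(secret, body, hashlib.sha256).hexdigest()


def verify_fail_open(body: bytes, sig: Optional[str], secret: Optional[bytes]) -> bool:
    # Vulnerable pattern: a missing secret or a missing header is treated as
    # "nothing to verify" and the request is accepted.
    if not secret or not sig:
        return True
    return hmac.compare_digest(sign_body(body, secret), sig)


def verify_fail_closed(body: bytes, sig: Optional[str], secret: Optional[bytes]) -> bool:
    # Hardened: every missing input is a rejection; comparison stays constant-time.
    if not secret or not sig:
        return False
    return hmac.compare_digest(sign_body(body, secret), sig.strip().lower())


def demo_webhook() -> Dict[str, bool]:
    """Constructed secret and payload; returns the verdict of each verifier per case."""
    secret = b"constructed-demo-secret"
    body = b'{"action":"approve","card_id":"42"}'
    good = sign_body(body, secret)
    return {
        "legit_open": verify_fail_open(body, good, secret),
        "legit_closed": verify_fail_closed(body, good, secret),
        "no_secret_no_sig_open": verify_fail_open(body, None, None),
        "no_secret_no_sig_closed": verify_fail_closed(body, None, None),
        "secret_but_no_sig_open": verify_fail_open(body, None, secret),
        "secret_but_no_sig_closed": verify_fail_closed(body, None, secret),
        "tampered_body_closed": verify_fail_closed(body + b"x", good, secret),
    }
```

The two `*_open` cases are the bug: an unconfigured secret (a fresh deployment, a misnamed environment variable) or an attacker who simply omits the header gets an approved card action. The deployment-side check is the same: if the integration cannot load its secret at startup, it should refuse to serve the webhook route rather than serve it unauthenticated.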
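The PraisonAI entry (CWE-89, SQL injection via an unvalidated `table_prefix`) is the identifier flavour of injection: a table name cannot be bound as a query parameter, so the prefix has to be allowlisted before it is ever interpolated. The block below is an added example, not PraisonAI's code; the store layout (an `app_conversations` table beside a `secrets` table in an in-memory SQLite database) and the malicious prefix are constructed for the demonstration.

```python
import re
import sqlite3
from typing import Dict, List

# Identifiers cannot be parameterised, so the only defence is a strict allowlist.
_IDENT = re.compile(r"[A-Za-z_][A-Za-z0-9_]{0,62}")


def validate_prefix(prefix: str) -> str:
    if not _IDENT.fullmatch(prefix):
        raise ValueError(f"invalid table_prefix: {prefix!r}")
    return prefix


def fetch_conversation_unsafe(conn: sqlite3.Connection, prefix: str, conv_id: int) -> List[str]:
    # Vulnerable pattern: the prefix is interpolated straight into the statement,
    # even though the row id itself is bound with a placeholder.
    sql = f"SELECT content FROM {prefix}_conversations WHERE id = ?"
    return [row[0] for row in conn.execute(sql, (conv_id,))]


def fetch_conversation(conn: sqlite3.Connection, prefix: str, conv_id: int) -> List[str]:
    # Hardened: allowlist the identifier, then quote it so it can never merge with keywords.
    p = validate_prefix(prefix)
    sql = f'SELECT content FROM "{p}_conversations" WHERE id = ?'
    return [row[0] for row in conn.execute(sql, (conv_id,))]


def _seed() -> sqlite3.Connection:
    """Constructed store: one conversation table and one table an attacker wants."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE app_conversations (id INTEGER PRIMARY KEY, content TEXT);
        INSERT INTO app_conversations VALUES (1, 'hello');
        CREATE TABLE secrets (id INTEGER PRIMARY KEY, value TEXT);
        INSERT INTO secrets VALUES (1, 'api-key-AAAA'), (2, 'api-key-BBBB');
    """)
    return conn


# Constructed payload: keeps exactly one "?" so the bound id still fits, and the
# trailing "--" comments out the real "_conversations WHERE id = ?" suffix.
MALICIOUS_PREFIX = "app_conversations WHERE 1=0 UNION SELECT value FROM secrets WHERE id = ? OR 1=1 --"


def demo_prefix() -> Dict[str, object]:
    conn = _seed()
    leaked = fetch_conversation_unsafe(conn, MALICIOUS_PREFIX, 1)
    try:
        fetch_conversation(conn, MALICIOUS_PREFIX, 1)
        rejected = False
    except ValueError:
        rejected = True
    return {
        "unsafe_leaked": sorted(leaked),
        "safe_rejected": rejected,
        "safe_legit": fetch_conversation(conn, "app", 1),
    }
```

The point of the regex is that it also rejects the separator and comment characters an injection needs (space, `;`, `-`, quotes), so the quoted identifier in the hardened query is never ambiguous. The same validation has to be applied in every backend that builds table names from the prefix, which is why an incomplete fix that patches only some of the "9 conversation store backends" leaves the bug reachable through the others.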
