AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severityPraisonAI: unauth WebSocket drains OpenAI API credits
CVE-2026-40116 PraisonAI: arg injection injects env vars into Cloud Run
CVE-2026-40113 OpenClaw: unsafe body replay on cross-origin redirect
GHSA-qx8j-g322-qj6m openclaw: auth bypass enables exec escalation on reconnect
GHSA-5wj5-87vq-39xm n8n-MCP: SSRF exposes cloud metadata via MCP headers
CVE-2026-39974 OpenClaw: env var injection enables host RCE
GHSA-7437-7hg8-frrw OpenClaw: wake hook trust violation elevates to System prompt
GHSA-jf56-mccx-5f3f openclaw: trust boundary bypass enables prompt injection
GHSA-gfmx-pph7-g46x n8n-mcp: authenticated SSRF leaks cloud metadata
GHSA-4ggg-h7ph-26qr praisonai: SSTI enables RCE via agent instructions
CVE-2026-39891 PraisonAI: unauth A2U stream leaks all agent activity
CVE-2026-39889 Langflow: deserialization RCE via FAISS component default
CVE-2026-3357 LiteLLM: auth bypass chain enables full privilege escalation
GHSA-69x8-hrgq-fjj8 MONAI: pickle deserialization RCE in Auto3DSeg
GHSA-89gg-p5r5-q6r4 openclaw: env var injection via workspace config
GHSA-vfw7-6rhc-6xxg text-generation-webui: unauthenticated path traversal file read
CVE-2026-35485 PraisonAI: recipe registry path traversal file write
CVE-2026-39308 PraisonAI: recipe path traversal allows arbitrary file write
CVE-2026-39306 PraisonAI: Zip Slip enables arbitrary file write / RCE
CVE-2026-39307 Claude Code CLI: shell injection enables RCE
CVE-2026-35021 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial