AI Security Threat Feed

Latest CVEs and GitHub Security Advisories affecting AI/ML systems, updated continuously. Sourced from NVD, the GitHub Advisory Database, and the CISA Known Exploited Vulnerabilities (KEV) catalog.

1,604 AI/ML CVEs Tracked
225 Critical
76 New This Week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 684 results — High severity
Severity | CVE ID | Summary | CVSS | EPSS | Package | Date
HIGH E | CVE-2026-40116 | PraisonAI: unauth WebSocket drains OpenAI API credits | 7.5 | 0.1% | praisonai | Apr 9
HIGH E | CVE-2026-40113 | PraisonAI: arg injection injects env vars into Cloud Run | 8.4 | 0.0% | praisonai | Apr 9
HIGH | GHSA-qx8j-g322-qj6m | OpenClaw: unsafe body replay on cross-origin redirect | | | openclaw | Apr 9
HIGH | GHSA-5wj5-87vq-39xm | openclaw: auth bypass enables exec escalation on reconnect | | | openclaw | Apr 9
HIGH | CVE-2026-39974 | n8n-MCP: SSRF exposes cloud metadata via MCP headers | 8.5 | 0.0% | | Apr 9
HIGH | GHSA-7437-7hg8-frrw | OpenClaw: env var injection enables host RCE | | | openclaw | Apr 9
HIGH | GHSA-jf56-mccx-5f3f | OpenClaw: wake hook trust violation elevates to System prompt | | | openclaw | Apr 9
HIGH | GHSA-gfmx-pph7-g46x | openclaw: trust boundary bypass enables prompt injection | | | openclaw | Apr 9
HIGH | GHSA-4ggg-h7ph-26qr | n8n-mcp: authenticated SSRF leaks cloud metadata | 8.5 | | n8n-mcp | Apr 8
HIGH E | CVE-2026-39891 | praisonai: SSTI enables RCE via agent instructions | 8.8 | 0.0% | praisonai | Apr 8
HIGH | CVE-2026-39889 | PraisonAI: unauth A2U stream leaks all agent activity | 7.5 | 0.0% | praisonai | Apr 8
HIGH | CVE-2026-3357 | Langflow: deserialization RCE via FAISS component default | 8.8 | 0.4% | langflow | Apr 8
HIGH | GHSA-69x8-hrgq-fjj8 | LiteLLM: auth bypass chain enables full privilege escalation | | | litellm | Apr 8
HIGH | GHSA-89gg-p5r5-q6r4 | MONAI: pickle deserialization RCE in Auto3DSeg | 7.7 | | monai | Apr 7
HIGH | GHSA-vfw7-6rhc-6xxg | openclaw: env var injection via workspace config | | | openclaw | Apr 7
HIGH E | CVE-2026-35485 | text-generation-webui: unauthenticated path traversal file read | 7.5 | 0.4% | gradio | Apr 7
HIGH E | CVE-2026-39308 | PraisonAI: recipe registry path traversal file write | 7.1 | 0.1% | PraisonAI | Apr 6
HIGH E | CVE-2026-39306 | PraisonAI: recipe path traversal allows arbitrary file write | 7.3 | 0.1% | PraisonAI | Apr 6
HIGH E | CVE-2026-39307 | PraisonAI: Zip Slip enables arbitrary file write / RCE | 8.1 | 0.1% | PraisonAI | Apr 6
HIGH E | CVE-2026-35021 | Claude Code CLI: shell injection enables RCE | 7.8 | 0.0% | | Apr 6
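As an added example (not code from the feed or from any of the listed projects), the following Python triage helper parses feed rows in the pipe-delimited form used above, keeps missing CVSS/EPSS values as unknown rather than silently treating them as zero (several GHSA rows carry no scores), and ranks advisories by a stated policy: CISA KEV membership first, then whether the affected package is actually deployed, then EPSS, then CVSS. The sample rows are copied from the table; the KEV set and the installed-package set are assumptions for illustration, because the table does not show per-row KEV membership or your inventory.

```python
"""Triage helper for rows of an AI security threat feed (added example)."""
from dataclasses import dataclass
from typing import List, Optional, Set

# Sample rows copied from the feed table above (pipe-delimited). The trailing
# "E" after the severity is carried over verbatim; the feed does not define it.
SAMPLE_ROWS = """\
HIGH E | CVE-2026-40116 | PraisonAI: unauth WebSocket drains OpenAI API credits | 7.5 | 0.1% | praisonai | Apr 9
HIGH | GHSA-qx8j-g322-qj6m | OpenClaw: unsafe body replay on cross-origin redirect | | | openclaw | Apr 9
HIGH | CVE-2026-39974 | n8n-MCP: SSRF exposes cloud metadata via MCP headers | 8.5 | 0.0% | | Apr 9
HIGH | CVE-2026-3357 | Langflow: deserialization RCE via FAISS component default | 8.8 | 0.4% | langflow | Apr 8
HIGH | GHSA-89gg-p5r5-q6r4 | MONAI: pickle deserialization RCE in Auto3DSeg | 7.7 | | monai | Apr 7
HIGH E | CVE-2026-35021 | Claude Code CLI: shell injection enables RCE | 7.8 | 0.0% | | Apr 6
"""

# Assumption for illustration: the feed does not show KEV membership per row,
# so this set is hypothetical and only demonstrates how KEV overrides the scores.
ASSUMED_KEV = {"CVE-2026-3357"}

# Assumption for illustration: packages deployed in the environment being triaged.
ASSUMED_INSTALLED = {"langflow", "praisonai"}


@dataclass
class Advisory:
    severity: str
    flagged: bool            # the "E" marker from the feed, kept as an opaque flag
    adv_id: str
    summary: str
    cvss: Optional[float]    # None when the feed shows no score
    epss: Optional[float]    # fraction (0.004 for "0.4%"), None when absent
    package: Optional[str]   # None when the feed shows no package
    date: str


def _score(cell: str) -> Optional[float]:
    """Parse '7.5' or '0.4%' into a float; an empty cell means unknown."""
    cell = cell.strip().rstrip("%")
    return float(cell) if cell else None


def parse_rows(text: str) -> List[Advisory]:
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 7:
            raise ValueError(f"expected 7 columns, got {len(cells)}: {line!r}")
        sev_parts = cells[0].split()
        epss = _score(cells[4])
        rows.append(Advisory(
            severity=sev_parts[0],
            flagged=len(sev_parts) > 1 and sev_parts[1] == "E",
            adv_id=cells[1],
            summary=cells[2],
            cvss=_score(cells[3]),
            epss=None if epss is None else epss / 100.0,
            package=cells[5] or None,
            date=cells[6],
        ))
    return rows


def triage_key(a: Advisory, kev: Set[str], installed: Set[str]):
    """Sort key: KEV first, then affects an installed package, then EPSS, then CVSS.
    Unknown scores rank below any present score instead of being read as 0."""
    return (
        a.adv_id in kev,
        (a.package or "").lower() in installed,
        a.epss if a.epss is not None else -1.0,
        a.cvss if a.cvss is not None else -1.0,
    )


def triage(text: str, kev: Set[str], installed: Set[str]) -> List[str]:
    """Return advisory IDs in the order they should be worked."""
    rows = parse_rows(text)
    rows.sort(key=lambda a: triage_key(a, kev, installed), reverse=True)
    return [a.adv_id for a in rows]


if __name__ == "__main__":
    for adv_id in triage(SAMPLE_ROWS, ASSUMED_KEV, ASSUMED_INSTALLED):
        print(adv_id)
```

The ordering deliberately puts an in-KEV item with a low EPSS ahead of a higher-scored item that is not known to be exploited, and an advisory with no CVSS at all still surfaces if it hits a deployed package; replace the two assumed sets with your real KEV pull and SBOM before using this on a live feed.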

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.