AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,625

AI/ML CVEs Tracked

230

Critical

87

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 569 results — Medium severity

Severity CVE ID Summary CVSS EPSS Package Date

MEDI E CVE-2026-40152 praisonaiagents: glob traversal leaks filesystem metadata 5.3 0.1% praisonaiagents Apr 10 MEDI E CVE-2026-40151 PraisonAI: unauthenticated agent config and system prompt disclosure 5.3 0.0% PraisonAI Apr 10 MEDI E CVE-2026-40115 PraisonAI: unbounded body read enables local DoS 6.2 0.1% PraisonAI Apr 10 MEDI CVE-2026-35651 OpenClaw: ANSI injection spoof AI agent approval prompts 4.3 0.0% openclaw Apr 10 MEDI E CVE-2026-6011 OpenClaw: SSRF via web-fetch enables internal network pivot 5.6 0.1% openclaw Apr 10 MEDI E CVE-2026-40117 PraisonAI: arbitrary file read via unguarded skill tool 6.2 0.0% praisonaiagents Apr 9 MEDI E CVE-2026-40112 PraisonAI: XSS via no-op HTML sanitizer in agent output 5.4 0.0% praisonai Apr 9 MEDI CVE-2026-40087 LangChain: template injection leaks object attributes 5.3 0.1% langchain-core Apr 9 MEDI GHSA-ccx3-fw7q-rr2r openclaw: base64 pre-alloc bypass causes resource exhaustion — — openclaw Apr 9 MEDI GHSA-3vvq-q2qc-7rmp openclaw: no integrity check on ClawHub plugin installs — — openclaw Apr 9 MEDI GHSA-w9j9-w4cp-6wgr openclaw: env var injection enables host exec hijacking — — openclaw Apr 9 MEDI GHSA-w8g9-x8gx-crmm OpenClaw: SSRF bypass via Playwright redirect handling — — openclaw Apr 9 MEDI GHSA-vr5g-mmx7-h897 OpenClaw: SSRF bypass via interaction-triggered navigation — — openclaw Apr 9 MEDI GHSA-67mf-f936-ppxf OpenClaw: scope misconfiguration enables unauthorized node pairing — — openclaw Apr 9 MEDI GHSA-3fv3-6p2v-gxwj openclaw: SSRF bypass in QQ Bot media fetch paths — — openclaw Apr 9 MEDI GHSA-5h3f-885m-v22w openclaw: WS sessions persist after gateway token rotation — — openclaw Apr 9 MEDI GHSA-vc32-h5mq-453v OpenClaw: cross-channel allowlist write bypass — — openclaw Apr 9 MEDI GHSA-68x5-xx89-w9mm OpenClaw: stale auth closure bypasses gateway access control — — openclaw Apr 9 MEDI GHSA-cmfr-9m2r-xwhq OpenClaw: auth bypass enables persistent browser profile mutation — — openclaw Apr 9 MEDI GHSA-whf9-3hcx-gq54 OpenClaw: token rotation bypasses role approval — — openclaw Apr 9

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial