AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 684 results — High severityClaude Code CLI: OS command injection via TERMINAL env
CVE-2026-35020 OpenClaw: PKCE verifier leak enables OAuth token theft
CVE-2026-34511 mobile-mcp: intent injection enables device control via AI agent
CVE-2026-35394 BentoML: malicious bento archive RCE via Jinja2 SSTI
CVE-2026-35044 BentoML: cmd injection RCE on cloud build infra
CVE-2026-35043 oauthenticator: auth bypass enables JupyterHub account takeover
CVE-2026-33175 Ajenti: missing authz lets any user install packages
CVE-2026-35175 onnx: TOCTOU symlink following enables arbitrary file write
GHSA-q56x-g2fj-4rj6 praisonaiagents: SSRF leaks cloud IAM credentials
CVE-2026-34954 PraisonAI: sandbox escape via shell=True blocklist bypass
CVE-2026-34955 PraisonAI: SSRF via api_base steals cloud IAM credentials
CVE-2026-34936 PraisonAI: OS command injection via run_python() shell escape
CVE-2026-34937 Open WebUI: access control bypass leaks Tool Valve API keys
CVE-2026-34222 ONNX: property overwrite via crafted model file
CVE-2026-34445 OpenClaw: .npmrc hijack enables RCE on plugin install
GHSA-m3mh-3mpg-37hw OpenClaw: sandbox escape via mediaUrl path traversal
GHSA-hr5v-j9h9-xjhg awesome-llm-apps MCP Agent: cross-session credential theft
CVE-2026-29872 openclaw: SSRF in channel extensions hits internal network
CVE-2026-35629 langchain-core: path traversal exposes host secrets via prompt config
CVE-2026-34070 @mobilenext/mobile-mcp: path traversal via AI agent tool
CVE-2026-33989 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial