AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

76

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 684 results — High severity
Severity CVE ID Summary CVSS EPSS Package Date
HIGH E CVE-2026-35020 Claude Code CLI: OS command injection via TERMINAL env 8.4 0.1% claude-code Apr 6 HIGH CVE-2026-34511 OpenClaw: PKCE verifier leak enables OAuth token theft 0.0% openclaw Apr 4 HIGH E CVE-2026-35394 mobile-mcp: intent injection enables device control via AI agent 8.3 0.0% Apr 4 HIGH E CVE-2026-35044 BentoML: malicious bento archive RCE via Jinja2 SSTI 8.8 0.0% bentoml Apr 3 HIGH E CVE-2026-35043 BentoML: cmd injection RCE on cloud build infra 7.8 0.0% bentoml Apr 3 HIGH CVE-2026-33175 oauthenticator: auth bypass enables JupyterHub account takeover 8.8 0.1% Apr 3 HIGH CVE-2026-35175 Ajenti: missing authz lets any user install packages 0.0% Apr 3 HIGH GHSA-q56x-g2fj-4rj6 onnx: TOCTOU symlink following enables arbitrary file write 7.1 onnx Apr 1 HIGH E CVE-2026-34954 praisonaiagents: SSRF leaks cloud IAM credentials 8.6 0.0% praisonaiagents Apr 1 HIGH E CVE-2026-34955 PraisonAI: sandbox escape via shell=True blocklist bypass 8.8 0.0% praisonai Apr 1 HIGH E CVE-2026-34936 PraisonAI: SSRF via api_base steals cloud IAM credentials 7.7 0.0% praisonai Apr 1 HIGH E CVE-2026-34937 PraisonAI: OS command injection via run_python() shell escape 7.8 0.0% praisonaiagents Apr 1 HIGH E CVE-2026-34222 Open WebUI: access control bypass leaks Tool Valve API keys 7.7 0.0% open-webui Apr 1 HIGH CVE-2026-34445 ONNX: property overwrite via crafted model file 8.6 0.2% onnx Apr 1 HIGH GHSA-m3mh-3mpg-37hw OpenClaw: .npmrc hijack enables RCE on plugin install 8.6 openclaw Mar 30 HIGH GHSA-hr5v-j9h9-xjhg OpenClaw: sandbox escape via mediaUrl path traversal 7.7 openclaw Mar 30 HIGH E CVE-2026-29872 awesome-llm-apps MCP Agent: cross-session credential theft 8.2 0.1% Mar 30 HIGH CVE-2026-35629 openclaw: SSRF in channel extensions hits internal network 0.0% openclaw Mar 29 HIGH E CVE-2026-34070 langchain-core: path traversal exposes host secrets via prompt config 7.5 0.0% langchain-core Mar 27 HIGH E CVE-2026-33989 @mobilenext/mobile-mcp: path traversal via AI agent tool 8.1 0.0% Mar 27

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial