AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

77

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 570 results — Medium severity
MEDIUM

OpenClaw: eval approval bypass enables unintended code exec

GHSA-q2gc-xjqw-qp89
--
Auth Bypass Code Execution Agent Framework
openclaw Patch: 2026.4.8 CWE-20 4 5 ATLAS 1 incident
MEDIUM

LangChain: f-string template injection exposes object internals

GHSA-926x-3r5x-gfhw
5.3
Data Extraction Prompt Injection Framework
langchain-core Patch: 0.3.84 CWE-20 4.4K 4 ATLAS
MEDIUM EXPLOIT AVAIL

openai-realtime-ui: SSRF in API proxy endpoint

CVE-2026-5803
6.3
EPSS 0.0%
Data Extraction Auth Bypass API
CWE-918 3 ATLAS
MEDIUM

praisonaiagents: agent context leak + path traversal

GHSA-766v-q9x3-g744
6.5
Data Leakage Data Extraction Agent Framework
praisonaiagents Patch: 1.5.115 CWE-22 11 4 ATLAS
MEDIUM EXPLOIT AVAIL

LobeChat: auth bypass via forged XOR obfuscated header

CVE-2026-39411
5.0
EPSS 0.0%
Auth Bypass Data Extraction DoS API Inference
@lobehub/lobehub Patch: 2.1.48 CWE-287 3.7K 5 ATLAS
MEDIUM EXPLOIT AVAIL

lollms: sessions persist after password reset

CVE-2026-1163
4.1
EPSS 0.0%
Auth Bypass Data Extraction API Agent
lollms CWE-613 3 ATLAS
MEDIUM

openclaw-claude-bridge: sandbox bypass exposes CLI tools

CVE-2026-39398
--
Code Execution Auth Bypass Prompt Injection Agent Plugin
claude-code CWE-276 4 ATLAS
MEDIUM

OpenClaw: cleartext WebSocket exposes gateway credentials

GHSA-83f3-hh45-vfw9
--
Data Leakage Auth Bypass Agent
openclaw Patch: 2026.4.2 CWE-200 4 3 ATLAS 1 incident
MEDIUM

openclaw: timing side-channel leaks shared-secret length

GHSA-jj6q-rrrf-h66h
--
Auth Bypass Data Extraction Agent Framework
openclaw Patch: 2026.4.2 CWE-208 4 3 ATLAS 1 incident
MEDIUM

OpenClaw: Zalo webhook dedup collision silently drops events

GHSA-rxmx-g7hr-8mx4
--
DoS Agent API
openclaw Patch: 2026.4.2 CWE-349 4 2 ATLAS
MEDIUM

OpenClaw: CDP host bypass exposes localhost browser state

GHSA-fh32-73r9-rgh5
--
Auth Bypass Data Extraction Agent Plugin
openclaw Patch: 2026.4.2 CWE-20 4 4 ATLAS 1 incident
MEDIUM

openclaw: script swap bypasses pnpm dlx approval

GHSA-w6wx-jq6j-6mcj
--
Auth Bypass Code Execution Supply Chain Agent Plugin
openclaw Patch: 2026.4.2 CWE-863 4 4 ATLAS 1 incident
MEDIUM

OpenClaw: approval bypass via env key normalization gap

GHSA-98ch-45wp-ch47
--
Auth Bypass Code Execution Agent Framework
openclaw Patch: 2026.4.2 CWE-178 4 4 ATLAS 1 incident
MEDIUM

OpenClaw: info disclosure exposes host filesystem paths

GHSA-2f7j-rp58-mr42
--
Data Leakage Privacy Violation Agent Framework
openclaw Patch: 2026.4.2 CWE-200 4 3 ATLAS
MEDIUM

OpenClaw: untrusted plugin RCE via workspace channel setup

GHSA-2qrv-rc5x-2g2h
--
Supply Chain Code Execution Auth Bypass Agent Plugin
openclaw Patch: 2026.4.2 CWE-829 4 4 ATLAS 1 incident
MEDIUM

OpenClaw: read-only scope bypass kills agent sessions

GHSA-5hff-46vh-rxmw
--
Auth Bypass DoS Agent
openclaw Patch: 2026.4.2 CWE-269 4 3 ATLAS
MEDIUM

openclaw: iOS bridge bypass enables unauthorized agent runs

GHSA-4p4f-fc8q-84m3
--
Auth Bypass DoS Agent
openclaw Patch: 2026.4.2 CWE-284 4 4 ATLAS
MEDIUM

OpenClaw: path traversal → host file exfiltration via QQ Bot

GHSA-846p-hgpv-vphc
--
Prompt Injection Data Extraction Agent Plugin
openclaw Patch: 2026.4.2 CWE-22 4 4 ATLAS 1 incident
MEDIUM

openclaw: path traversal enables remote dir overwrite

GHSA-m34q-h93w-vg5x
--
Supply Chain Code Execution Agent Framework
openclaw Patch: 2026.4.2 CWE-22 4 4 ATLAS 1 incident
MEDIUM

OpenClaw: pairing DoS blocks account onboarding

GHSA-wwfp-w96m-c6x8
--
DoS Agent
openclaw Patch: 2026.3.31 4 2 ATLAS 1 incident

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial