AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 1625 results
n8n-mcp: credential exposure via HTTP transport logging (GHSA-wg4g-395p-mqv3)
litellm: RCE via MCP test endpoints privilege bypass (GHSA-v4p8-mg3p-g94g)
langchain-openai: SSRF via DNS rebinding in image token counter (CVE-2026-41488)
LangChain: SSRF redirect bypass exposes internal endpoints (CVE-2026-41481)
Gemini CLI: RCE via malicious workspace in CI/CD (GHSA-wpqr-6v78-jr5g)
Claude Code: git worktree trust bypass executes hooks (CVE-2026-40068)
litellm: SQLi exposes all managed LLM API credentials (GHSA-r75f-5x8p-qvmc)
Ray: Parquet RCE via Arrow extension deserialization (CVE-2026-41486)
LiteLLM: RCE via unsandboxed prompt template rendering (GHSA-xqmj-j6mv-4862)
BetterDocs: Auth bypass drains OpenAI API quota (CVE-2026-6393)
Flowise: Cypher injection via GraphCypherQAChain node (CVE-2026-41274)
Flowise: unauth API key abuse via TTS endpoint IDOR (CVE-2026-41279)
Flowise: credential exposure in public chatflow API (CVE-2026-41278)
Flowise: mass assignment enables cross-workspace IDOR (CVE-2026-41277)
Flowise: auth bypass enables full account takeover via reset (CVE-2026-41276)
Flowise: HTTP password reset link allows MITM takeover (CVE-2026-41275)
Flowise: auth bypass exposes OAuth 2.0 tokens (CVE-2026-41273)
Flowise: SSRF bypass via DNS rebinding exposes internal networks (CVE-2026-41272)
Flowise: SSRF via prompt template injection in API Chain (CVE-2026-41271)
Flowise: SSRF bypass exposes cloud metadata services (CVE-2026-41270)