AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 77
In CISA KEV: 16

Latest AI Security Threats

Showing 20 of 570 results — Medium severity
MEDIUM

OpenClaw: pre-auth signature bypass enables pairing DoS

GHSA-h43v-27wg-5mf9
--
DoS Auth Bypass Agent Framework
openclaw Patch: 2026.3.31 CWE-347 4 3 ATLAS
MEDIUM

OpenClaw: exec allowlist bypass via shell init-file options

GHSA-wpc6-37g7-8q4w
--
Auth Bypass Code Execution Agent Plugin
openclaw Patch: 2026.3.31 CWE-184 4 4 ATLAS 1 incident
MEDIUM

openclaw: sandbox escape via mirror mode hook execution

GHSA-42mx-vp8m-j7qh
--
Code Execution Supply Chain Agent Framework
openclaw Patch: 2026.3.28 CWE-829 4 4 ATLAS 1 incident
MEDIUM

openclaw: auth bypass exposes agent session visibility

GHSA-fwjq-xwfj-gv75
--
Auth Bypass Data Extraction Agent Framework
openclaw Patch: 2026.3.31 CWE-863 4 4 ATLAS 1 incident
MEDIUM

openclaw: privilege escalation to admin voice config persistence

GHSA-3q42-xmxv-9vfr
--
Auth Bypass Supply Chain Agent Framework
openclaw Patch: 2026.3.28 CWE-269 4 3 ATLAS 1 incident
MEDIUM

openclaw: SSRF in marketplace plugin download

GHSA-vjx8-8p7h-82gr
--
Supply Chain Data Extraction Auth Bypass Agent Plugin
openclaw Patch: 2026.3.31 CWE-918 4 4 ATLAS 1 incident
MEDIUM

openclaw: media download bypass exhausts disk storage

GHSA-4g5x-2jfc-xm98
--
DoS Agent Plugin
openclaw Patch: 2026.3.31 CWE-434 4 3 ATLAS
MEDIUM

openclaw: operator scope bypass in phone arm/disarm cmds

GHSA-h2v7-xc88-xx8c
--
Auth Bypass Agent Plugin
openclaw Patch: 2026.3.28 CWE-285 4 3 ATLAS 1 incident
MEDIUM EXPLOIT AVAIL

MLflow: auth bypass exposes model artifacts across experiments

CVE-2026-33866
--
EPSS 0.0%
Auth Bypass Data Extraction Framework Model
mlflow CWE-862 624 4 ATLAS
MEDIUM EXPLOIT AVAIL

MLflow: stored XSS via MLmodel YAML artifact upload

CVE-2026-33865
--
EPSS 0.0%
Code Execution Auth Bypass Data Extraction Framework Model
mlflow Patch: 3.11.1 CWE-79 624 4 ATLAS
MEDIUM EXPLOIT AVAIL

HuggingFace Transformers: RCE via malicious checkpoint load

CVE-2026-1839
6.5
EPSS 0.0%
Code Execution Supply Chain Framework Training Data
transformers Patch: 5.0.0rc3 CWE-502 7.9K 3 ATLAS
MEDIUM

OpenClaw: script preflight bypass enables unsafe exec

CVE-2026-34425
--
EPSS 0.1%
Auth Bypass Code Execution Agent Plugin
openclaw Patch: 2026.4.2 CWE-184 4 4 ATLAS 1 incident
MEDIUM

kedro-datasets: path traversal enables arbitrary file write

CVE-2026-35492
6.5
EPSS 0.0%
Supply Chain Model Poisoning Code Execution Framework Training Data
kedro-datasets Patch: 9.3.0 CWE-22 2.8K 3 ATLAS
MEDIUM

Ollama: SSRF in Model Pull API enables network pivot

CVE-2026-5530
6.3
EPSS 0.0%
Data Extraction Privacy Violation Inference API
CWE-918 4 ATLAS
MEDIUM

Directus: cleartext storage exposes AI API keys

GHSA-mvv8-v4jj-g47j
6.5
Data Leakage Data Extraction Auth Bypass API Framework Agent
CWE-200 6 ATLAS
MEDIUM

vLLM: OOM DoS via unbounded video frame decoding

CVE-2026-34755
6.5
EPSS 0.1%
DoS Framework Inference API
vllm Patch: 0.19.0 CWE-770 127 3 ATLAS
MEDIUM

vLLM: SSRF in batch API exposes cloud metadata endpoints

CVE-2026-34753
5.4
EPSS 0.0%
Data Extraction Auth Bypass Framework Inference
vllm Patch: 0.19.0 CWE-918 127 5 ATLAS
MEDIUM

ltiauthenticator: OAuth nonce leak causes server DoS

CVE-2026-34052
5.9
EPSS 0.1%
DoS Framework
CWE-401 3 ATLAS
MEDIUM

JupyterHub: open redirect enables post-login phishing

CVE-2026-33709
--
EPSS 0.0%
Social Engineering Auth Bypass Framework
CWE-601 4 ATLAS
MEDIUM

vLLM: DoS via unbounded n parameter causes OOM crash

CVE-2026-34756
6.5
EPSS 0.0%
DoS Inference API
vllm Patch: 0.19.0 CWE-770 127 4 ATLAS
