AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,625
Critical: 230
New This Week: 87
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 1625 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | GHSA-wg4g-395p-mqv3 | n8n-mcp: credential exposure via HTTP transport logging | 4.3 | — | n8n-mcp | Apr 25 |
| HIGH | GHSA-v4p8-mg3p-g94g | litellm: RCE via MCP test endpoints privilege bypass | — | — | litellm | Apr 25 |
| LOW | CVE-2026-41488 | langchain-openai: SSRF via DNS rebinding in image token counter | 3.1 | 0.0% | langchain | Apr 24 |
| MEDI | CVE-2026-41481 | LangChain: SSRF redirect bypass exposes internal endpoints | 6.5 | 0.0% | langchain | Apr 24 |
| CRIT | GHSA-wpqr-6v78-jr5g | Gemini CLI: RCE via malicious workspace in CI/CD | 10.0 | — | — | Apr 24 |
| HIGH | CVE-2026-40068 | Claude Code: git worktree trust bypass executes hooks | — | 0.1% | @anthropic-ai/claude-code | Apr 24 |
| CRIT | GHSA-r75f-5x8p-qvmc | litellm: SQLi exposes all managed LLM API credentials | — | — | litellm | Apr 24 |
| HIGH | CVE-2026-41486 | Ray: Parquet RCE via Arrow extension deserialization | — | 0.1% | ray | Apr 24 |
| HIGH | GHSA-xqmj-j6mv-4862 | LiteLLM: RCE via unsandboxed prompt template rendering | — | — | litellm | Apr 24 |
| MEDI | CVE-2026-6393 | BetterDocs: Auth bypass drains OpenAI API quota | 4.3 | 0.0% | — | Apr 24 |
| CRIT E | CVE-2026-41274 | Flowise: Cypher injection via GraphCypherQAChain node | 9.8 | 0.1% | flowise | Apr 23 |
| HIGH E | CVE-2026-41279 | Flowise: unauth API key abuse via TTS endpoint IDOR | 7.5 | 0.1% | flowise | Apr 23 |
| HIGH E | CVE-2026-41278 | Flowise: credential exposure in public chatflow API | 7.5 | 0.0% | flowise | Apr 23 |
| HIGH E | CVE-2026-41277 | Flowise: mass assignment enables cross-workspace IDOR | 8.8 | 0.1% | flowise | Apr 23 |
| CRIT E | CVE-2026-41276 | Flowise: auth bypass enables full account takeover via reset | 9.8 | 0.2% | flowise | Apr 23 |
| HIGH E | CVE-2026-41275 | Flowise: HTTP password reset link allows MITM takeover | 7.5 | 0.0% | flowise | Apr 23 |
| HIGH E | CVE-2026-41273 | Flowise: auth bypass exposes OAuth 2.0 tokens | 8.2 | 0.1% | flowise | Apr 23 |
| HIGH E | CVE-2026-41272 | Flowise: SSRF bypass via DNS rebinding exposes internal networks | 7.1 | 0.0% | flowise | Apr 23 |
| HIGH E | CVE-2026-41271 | Flowise: SSRF via prompt template injection in API Chain | 8.3 | 0.1% | flowise | Apr 23 |
| HIGH E | CVE-2026-41270 | Flowise: SSRF bypass exposes cloud metadata services | 8.3 | 0.0% | flowise | Apr 23 |