AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
Latest AI Security Threats
Showing 20 of 1625 results

Flowise: unrestricted file upload enables persistent RCE (CVE-2026-41269)
Flowise: unauthenticated RCE via NODE_OPTIONS env injection (CVE-2026-41268)
Flowise: mass assignment auth bypass in registration (CVE-2026-41267)
Flowise: unauthenticated API key exposure via chatbot config (CVE-2026-41266)
Flowise: RCE via prompt injection in Airtable Agent (CVE-2026-41265)
Flowise: RCE via unsanitized input in AirtableAgent (CVE-2026-41138)
Flowise: RCE via CSVAgent unsanitized code injection (CVE-2026-41137)
n8n-mcp: bearer tokens exposed in HTTP transport logs (CVE-2026-41495)
engramx: CSRF injects persistent prompts into AI agents (GHSA-2r2p-4cgf-hv7h)
InstructLab: RCE via hardcoded trust_remote_code flag (CVE-2026-6859)
Flowise: prompt injection → unsandboxed RCE via CSV Agent (CVE-2026-41264)
nbconvert: path traversal exfiltrates files via HTML export (CVE-2026-39378)
nbconvert: path traversal enables arbitrary file write (CVE-2026-39377)
Claude Code: sandbox escape via symlink allows arbitrary write (CVE-2026-39861)
FastChat: control flow flaw corrupts arena comparison (CVE-2026-6608)
Langflow: stored XSS in chat message editor (CVE-2026-6600)
Langflow: MCP config injection via X-Forwarded-For header (CVE-2026-6599)
Langflow: cleartext auth storage exposes API keys (CVE-2026-6598)
Langflow: plaintext credential storage via Flow API (CVE-2026-6597)
Langflow: unauthenticated file upload allows RCE (CVE-2026-6596)