AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs tracked: 1,625
Critical: 230
New this week: 87
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 1625 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| HIGH E | CVE-2026-41269 | Flowise: unrestricted file upload enables persistent RCE | 8.8 | 0.1% | flowise | Apr 23 |
| CRIT E | CVE-2026-41268 | Flowise: unauthenticated RCE via NODE_OPTIONS env injection | 9.8 | 0.7% | flowise | Apr 23 |
| CRIT E | CVE-2026-41267 | Flowise: mass assignment auth bypass in registration | 9.8 | 0.3% | flowise | Apr 23 |
| HIGH E | CVE-2026-41266 | Flowise: unauthenticated API key exposure via chatbot config | 7.5 | 0.0% | flowise | Apr 23 |
| CRIT E | CVE-2026-41265 | Flowise: RCE via prompt injection in Airtable Agent | 9.8 | 0.2% | flowise | Apr 23 |
| HIGH E | CVE-2026-41138 | Flowise: RCE via unsanitized input in AirtableAgent | 8.8 | 0.3% | flowise | Apr 23 |
| HIGH E | CVE-2026-41137 | Flowise: RCE via CSVAgent unsanitized code injection | 8.8 | 0.3% | flowise | Apr 23 |
| MEDI | CVE-2026-41495 | n8n-mcp: bearer tokens exposed in HTTP transport logs | 5.3 | 0.0% | n8n-mcp | Apr 23 |
| HIGH | GHSA-2r2p-4cgf-hv7h | engramx: CSRF injects persistent prompts into AI agents | — | — | — | Apr 22 |
| HIGH | CVE-2026-6859 | InstructLab: RCE via hardcoded trust_remote_code flag | 8.8 | 0.1% | — | Apr 22 |
| CRIT E | CVE-2026-41264 | Flowise: prompt injection → unsandboxed RCE via CSV Agent | 9.8 | 0.3% | flowise-components | Apr 21 |
| MEDI | CVE-2026-39378 | nbconvert: path traversal exfiltrates files via HTML export | 6.5 | 0.0% | nbconvert | Apr 21 |
| MEDI | CVE-2026-39377 | nbconvert: path traversal enables arbitrary file write | 6.5 | 0.0% | nbconvert | Apr 21 |
| HIGH | CVE-2026-39861 | Claude Code: sandbox escape via symlink allows arbitrary write | — | 0.2% | @anthropic-ai/claude-code | Apr 21 |
| MEDI E | CVE-2026-6608 | FastChat: control flow flaw corrupts arena comparison | 5.3 | 0.0% | fschat | Apr 20 |
| LOW E | CVE-2026-6600 | Langflow: stored XSS in chat message editor | 3.5 | 0.0% | langflow | Apr 20 |
| MEDI E | CVE-2026-6599 | Langflow: MCP config injection via X-Forwarded-For header | 6.3 | 0.0% | langflow | Apr 20 |
| MEDI E | CVE-2026-6598 | Langflow: cleartext auth storage exposes API keys | 4.3 | 0.0% | langflow | Apr 20 |
| LOW E | CVE-2026-6597 | langflow: Plaintext credential storage via Flow API | 2.7 | 0.0% | langflow | Apr 20 |
| HIGH E | CVE-2026-6596 | Langflow: unauthenticated file upload allows RCE | 7.3 | 0.1% | langflow-base | Apr 20 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.