AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604 AI/ML CVEs Tracked
225 Critical
79 New This Week
16 In CISA KEV

Latest AI Security Threats

Showing 20 of 350 results — Medium severity, no patch
| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| Medium | CVE-2026-44708 | mistune: math plugin XSS bypasses escape=True control | 6.1 | | mistune | May 8 |
| Medium | CVE-2026-42282 | n8n-MCP: credential logging exposes OAuth tokens in HTTP mode | 4.3 | | | May 8 |
| Medium | CVE-2026-44479 | vercel: auth token leak in AI agent non-interactive mode | 5.5 | | | May 7 |
| Medium | CVE-2026-43901 | wireshark-mcp: path traversal enables arbitrary file write via MCP | 6.8 | | | May 5 |
| Medium | CVE-2026-42045 | LobeChat: XSS-to-RCE via exposed Electron IPC | 6.2 | | @lobehub/lobehub | May 5 |
| Medium | CVE-2026-7844 | Langchain-Chatchat: auth bypass on file service endpoints | 6.3 | 0.0% | | May 5 |
| Medium | CVE-2026-7700 | Langflow: eval() code injection → remote code execution | 6.3 | 0.0% | langflow | May 3 |
| Medium | CVE-2026-7687 | Langflow: command injection in code parser enables RCE | 6.3 | 1.1% | langflow | May 3 |
| Medium | CVE-2026-7669 | SGLang: deserialization in tokenizer loader enables RCE | 5.6 | 0.1% | sglang | May 2 |
| Medium | CVE-2026-6542 | Langflow: IDOR exposes cross-tenant flow data and deletion | 6.5 | 0.0% | langflow | Apr 30 |
| Medium | CVE-2026-3345 | IBM Langflow Desktop <=1.8.4 Langflow could allow... | 6.5 | 0.1% | | Apr 30 |
| Medium | CVE-2026-4502 | IBM Langflow Desktop 1.2.0 through 1.8.4 Langflow... | 6.5 | 0.1% | | Apr 30 |
| Medium | CVE-2026-3346 | IBM Langflow Desktop 1.6.0 through 1.8.4 Langflow... | 6.4 | 0.0% | | Apr 30 |
| Medium | CVE-2026-3340 | IBM Langflow Desktop 1.0.0 through 1.8.4 IBM... | 6.5 | 0.0% | | Apr 30 |
| Medium E | CVE-2026-7020 | A security flaw has been discovered in Ollama up... | 5.6 | 0.1% | | Apr 26 |
| Medium | CVE-2026-41481 | LangChain is a framework for building agents and... | 6.5 | 0.0% | | Apr 24 |
| Medium | CVE-2026-6393 | The BetterDocs plugin for WordPress is vulnerable... | 4.3 | 0.0% | | Apr 24 |
| Medium E | CVE-2026-6608 | A vulnerability was detected in lm-sys fastchat... | 5.3 | 0.0% | fschat | Apr 20 |
| Medium E | CVE-2026-6599 | A vulnerability was detected in langflow-ai... | 6.3 | 0.0% | langflow | Apr 20 |
| Medium | CVE-2026-35651 | OpenClaw: ANSI injection spoofs AI agent approval prompts | 4.3 | 0.0% | openclaw | Apr 10 |

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.