AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 58 results — Critical severity, has patch
Severity CVE ID Summary CVSS EPSS Package Date
CRIT CVE-2026-44551 open-webui: LDAP auth bypass — full account takeover 9.1 open-webui May 8 CRIT CVE-2026-44007 vm2: sandbox escape via nesting:true enables RCE 9.1 vm2 May 7 CRIT CVE-2026-42048 Langflow: path traversal allows arbitrary directory deletion 9.6 langflow May 5 CRIT GHSA-r75f-5x8p-qvmc LiteLLM has SQL Injection in Proxy API key... litellm Apr 24 CRIT E CVE-2026-41264 Flowise: CSV Agent Prompt Injection Remote Code... 9.8 0.3% flowise-components Apr 21 CRIT GHSA-v38x-c887-992f Flowise: Airtable_Agent Code Injection Remote... flowise-components Apr 18 CRIT GHSA-xh72-v6v9-mwhc OpenClaw: Feishu webhook and card-action... openclaw Apr 17 CRIT GHSA-9qhq-v63v-fv3j Incomplete fix for CVE-2026-34935: Command... 9.8 praisonai Apr 17 CRIT GHSA-9wc7-mj3f-74xv Flowise CSVAgent: RCE via Python code injection flowise-components Apr 16 CRIT E CVE-2026-40933 Flowise: RCE via MCP stdio command injection 9.9 0.0% flowise-components Apr 16 CRIT GHSA-8x8f-54wf-vv92 PraisonAI: auth bypass enables browser session hijack 9.1 PraisonAI Apr 10 CRIT GHSA-vc46-vw85-3wvm PraisonAI: RCE via malicious workflow YAML execution 9.8 PraisonAI Apr 10 CRIT E CVE-2026-40157 PraisonAI: path traversal allows arbitrary file write via recipe unpack 0.1% PraisonAI Apr 10 CRIT E CVE-2026-40154 PraisonAI: supply chain RCE via unverified template exec 9.3 0.0% PraisonAI Apr 10 CRIT E CVE-2026-1115 lollms: Stored XSS enables wormable account takeover 9.6 0.0% lollms Apr 10 CRIT E CVE-2026-40111 PraisonAI: RCE via shell injection in memory hooks executor 0.0% praisonaiagents Apr 9 CRIT GHSA-2763-cj5r-c79m PraisonAI: RCE via shell injection in agent workflows 9.7 PraisonAI Apr 8 CRIT GHSA-2679-6mx9-h9xc Marimo: pre-auth RCE via terminal WebSocket marimo Apr 8 CRIT CVE-2026-39888 praisonaiagents: sandbox escape enables host RCE 10.0 0.1% praisonaiagents Apr 8 CRIT E CVE-2026-39890 PraisonAI: YAML deserialization enables unauthenticated RCE 9.8 0.5% praisonai Apr 8

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial