AI Threat Alert
AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked
Critical
New This Week
In CISA KEV
Latest AI Security Threats
Showing 20 of 220 results — Medium severity, has patchmistune: XSS via unescaped heading id= attribute
CVE-2026-44897 open-webui: XSS in pending overlay enables session hijack
CVE-2026-44568 open-webui: RAG auth bypass exposes private files
CVE-2026-44560 open-webui: auth bypass exposes private group channels
CVE-2026-44561 open-webui: auth bypass in collaborative doc editing
CVE-2026-44564 open-webui: auth bypass exposes restricted LLM models
CVE-2026-44563 open-webui: missing authz enables model hijacking
CVE-2026-44562 open-webui: private channel member list exposed to any user
CVE-2026-44559 open-webui: auth bypass exposes all knowledge base metadata
CVE-2026-44557 open-webui: permission bypass exposes channels publicly
CVE-2026-44558 open-webui: mass assignment enables cross-user folder injection
CVE-2026-44550 BentoML: symlink traversal exfiltrates host secrets at build
CVE-2026-40610 @axonflow/openclaw: credential exposure via insecure file permissions
GHSA-cqmh-pcgr-q42f vLLM: speculative decoding DoS via penalty params
CVE-2026-44223 vLLM: token injection DoS via multimodal placeholders
CVE-2026-44222 openclaw: stale webhook secret survives credential rotation
GHSA-q8ff-7ffm-m3r9 JupyterHub: CSRF bypass on spawn and share endpoints
CVE-2026-40864 jupyter-server: auth cookie survives password reset
CVE-2026-40934 jupyter-server: Open redirect enables credential phishing
CVE-2025-61669 OpenClaw: symlink traversal exposes host filesystem
CVE-2026-43570 Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.
Start 14-Day Free Trial