AI Threat Alert AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited
Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 225 results — Critical severity
CRITICAL

cline: WebSocket auth bypass enables terminal RCE

CVE-2026-44211
9.6
Auth Bypass Code Execution Data Leakage Agent Plugin
CWE-306 7 ATLAS
CRITICAL

Open WebUI has an LDAP Empty Password Authentication Bypass

CVE-2026-44551
9.1
open-webui Patch: 0.9.0 CWE-287
CRITICAL

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.81.16 to before version 1.83.7, a database query used...

CVE-2026-42208
9.8
EPSS 0.1%
litellm CWE-89 4
CRITICAL

vm2 NodeVM `nesting: true` bypasses `require: false` allowing sandbox escape and arbitrary OS command execution

CVE-2026-44007
9.1
vm2 Patch: 3.11.1 CWE-284 1.4K
CRITICAL

Compromise of PyTorch Lightning PyPi Package Versions

CVE-2026-44484
--
pytorch-lightning CWE-506 1.6K
CRITICAL

Langflow Knowledge Bases API is Vulnerable to Path Traversal

CVE-2026-42048
9.6
langflow Patch: 1.9.0 CWE-22
CRITICAL

Ollama before 0.17.1 contains a heap out-of-bounds read vulnerability in the GGUF model loader. The /api/create endpoint accepts an attacker-supplied GGUF file...

CVE-2026-7482
9.1
EPSS 0.1%
CRITICAL

Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses

GHSA-wpqr-6v78-jr5g
10.0
CWE-20
CRITICAL

LiteLLM has SQL Injection in Proxy API key verification

GHSA-r75f-5x8p-qvmc
--
litellm Patch: 1.83.7 CWE-89 4
CRITICAL EXPLOIT AVAIL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, this vulnerability allows remote attackers to bypass...

CVE-2026-41276
9.8
EPSS 0.2%
flowise CWE-287
CRITICAL EXPLOIT AVAIL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, Flowise is vulnerable to a critical unauthenticated...

CVE-2026-41268
9.8
EPSS 0.7%
flowise
CRITICAL EXPLOIT AVAIL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, an improper mass assignment (JSON injection)...

CVE-2026-41267
9.8
EPSS 0.3%
flowise CWE-639
CRITICAL EXPLOIT AVAIL

Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the specific flaw exists within the run method of the...

CVE-2026-41265
9.8
EPSS 0.2%
flowise
CRITICAL EXPLOIT AVAIL

Flowise: CSV Agent Prompt Injection Remote Code Execution Vulnerability

CVE-2026-41264
9.8
EPSS 0.3%
flowise-components Patch: 3.1.0 CWE-184
CRITICAL

Flowise: Airtable_Agent Code Injection Remote Code Execution Vulnerability

GHSA-v38x-c887-992f
--
flowise-components Patch: 3.1.0 CWE-184
CRITICAL

OpenClaw: Feishu webhook and card-action validation now fail closed

GHSA-xh72-v6v9-mwhc
--
openclaw Patch: 2026.4.15 CWE-287 4
CRITICAL

Incomplete fix for CVE-2026-34935: Command Injection in MervinPraison/PraisonAI

GHSA-9qhq-v63v-fv3j
9.8
praisonai Patch: 4.5.149 CWE-78 1
CRITICAL

Flowise CSVAgent: RCE via Python code injection

GHSA-9wc7-mj3f-74xv
--
Code Execution Auth Bypass Agent Framework
flowise-components Patch: 3.1.0 CWE-94 5 ATLAS
CRITICAL EXPLOIT AVAIL

Flowise: RCE via MCP stdio command injection

CVE-2026-40933
9.9
EPSS 0.0%
Code Execution Supply Chain Auth Bypass Agent Plugin Framework
flowise-components Patch: 3.1.0 CWE-78 7 ATLAS
CRITICAL EXPLOIT AVAIL

OpenAI Codex CLI: RCE via malicious MCP config files

CVE-2025-61260
9.8
EPSS 0.1%
Code Execution Supply Chain Agent Plugin
@openai/codex CWE-94 3.5K 5 ATLAS

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial