AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
1,604  AI/ML CVEs Tracked
225    Critical
79     New This Week
16     In CISA KEV
Latest AI Security Threats
Showing 20 of 225 results — Critical severity

Severity | CVE ID              | Summary                                                        | CVSS | EPSS | Package            | Date
CRIT     | CVE-2026-44211      | cline: WebSocket auth bypass enables terminal RCE              | 9.6  | —    | —                  | May 8
CRIT     | CVE-2026-44551      | open-webui: LDAP auth bypass — full account takeover           | 9.1  | —    | open-webui         | May 8
CRIT     | CVE-2026-42208      | LiteLLM: SQL injection exposes LLM API credentials             | 9.8  | 0.1% | litellm            | May 8
CRIT     | CVE-2026-44007      | vm2: sandbox escape via nesting:true enables RCE               | 9.1  | —    | vm2                | May 7
CRIT     | CVE-2026-44484      | pytorch-lightning: supply chain, credential harvesting         | —    | —    | pytorch-lightning  | May 7
CRIT     | CVE-2026-42048      | Langflow: path traversal allows arbitrary directory deletion   | 9.6  | —    | langflow           | May 5
CRIT     | CVE-2026-7482       | Ollama before 0.17.1 contains a heap...                        | 9.1  | 0.1% | —                  | May 4
CRIT     | GHSA-wpqr-6v78-jr5g | Gemini CLI: Remote Code Execution via workspace...             | 10.0 | —    | —                  | Apr 24
CRIT     | GHSA-r75f-5x8p-qvmc | LiteLLM has SQL Injection in Proxy API key...                  | —    | —    | litellm            | Apr 24
CRIT E   | CVE-2026-41276      | Flowise is a drag & drop user interface to build...            | 9.8  | 0.2% | flowise            | Apr 23
CRIT E   | CVE-2026-41268      | Flowise is a drag & drop user interface to build...            | 9.8  | 0.7% | flowise            | Apr 23
CRIT E   | CVE-2026-41267      | Flowise is a drag & drop user interface to build...            | 9.8  | 0.3% | flowise            | Apr 23
CRIT E   | CVE-2026-41265      | Flowise is a drag & drop user interface to build...            | 9.8  | 0.2% | flowise            | Apr 23
CRIT E   | CVE-2026-41264      | Flowise: CSV Agent Prompt Injection Remote Code...             | 9.8  | 0.3% | flowise-components | Apr 21
CRIT     | GHSA-v38x-c887-992f | Flowise: Airtable_Agent Code Injection Remote...               | —    | —    | flowise-components | Apr 18
CRIT     | GHSA-xh72-v6v9-mwhc | OpenClaw: Feishu webhook and card-action...                    | —    | —    | openclaw           | Apr 17
CRIT     | GHSA-9qhq-v63v-fv3j | Incomplete fix for CVE-2026-34935: Command...                  | 9.8  | —    | praisonai          | Apr 17
CRIT     | GHSA-9wc7-mj3f-74xv | Flowise CSVAgent: RCE via Python code injection                | —    | —    | flowise-components | Apr 16
CRIT E   | CVE-2026-40933      | Flowise: RCE via MCP stdio command injection                   | 9.9  | 0.0% | flowise-components | Apr 16
CRIT E   | CVE-2025-61260      | OpenAI Codex CLI: RCE via malicious MCP config files           | 9.8  | 0.1% | @openai/codex      | Apr 14

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.