AI Threat Alert

AI Security Threat Feed

Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.

1,604

AI/ML CVEs Tracked

225

Critical

79

New This Week

16

In CISA KEV

Sort: Date CVSS EPSS KEV first Most exploited

Filter: All Critical High Medium KEV only Active exploitation Has patch No patch

Latest AI Security Threats

Showing 20 of 684 results — High severity

LangChain: deserialization poisons LLM chat history

CVE-2026-44843

Prompt Injection Code Execution Supply Chain Framework Agent

langchain-core Patch: 1.3.3 CWE-502 4.3K 5 ATLAS

Open WebUI: path traversal + file upload leads to RCE

CVE-2026-44566

Code Execution Supply Chain Inference Model

open-webui Patch: 0.1.124 CWE-22 5 ATLAS

Open WebUI: auth bypass gives pending users full LLM access

CVE-2026-44567

Auth Bypass Data Extraction DoS API Inference

open-webui Patch: 0.1.124 CWE-862 4 ATLAS

open-webui: XSS via XLSX preview enables session hijack

CVE-2026-44549

Code Execution Data Extraction Auth Bypass Framework API

open-webui Patch: 0.8.0 CWE-79 7 ATLAS

banks: SSTI enables RCE via unsandboxed Jinja2 templates

CVE-2026-44209

Code Execution Supply Chain Framework Agent

banks Patch: 2.4.2 CWE-1336 154 4 ATLAS

open-webui: RAG poisoning via unauthorized KB overwrite

CVE-2026-44554

Auth Bypass Model Poisoning Prompt Injection RAG API Framework

open-webui Patch: 0.9.0 CWE-862 8 ATLAS

open-webui: auth bypass allows unrestricted model access

CVE-2026-44556

Auth Bypass DoS Data Extraction API Inference Model

open-webui Patch: 0.9.0 CWE-284 8 ATLAS

Open WebUI's Base Model Routing Bypasses Access Control via Model Chaining

CVE-2026-44555

open-webui Patch: 0.9.0 CWE-862

Open WebUI: Redis Cache Keys tool_servers and terminal_servers Missing Instance Prefix Enable Cross-Instance Cache Poisoning

CVE-2026-44552

open-webui Patch: 0.9.0 CWE-668

Open WebUI: Stale Admin Role in Socket.IO Session Pool Enables Post-Demotion Cross-User Note Access

CVE-2026-44553

open-webui Patch: 0.9.0 CWE-384

open-webui Vulnerable to Stored XSS via Model Description

CVE-2026-44721

open-webui Patch: 0.9.0 CWE-79

n8n-mcp affected by path traversal, redirect-following SSRF, and telemetry payload exposure

GHSA-8g7g-hmwm-6rv2

n8n-mcp Patch: 2.50.1 CWE-22 16

LiteLLM is a proxy server (AI Gateway) to call LLM APIs in OpenAI (or native) format. From version 1.74.2 to before version 1.83.7, two endpoints used to...

CVE-2026-42271

litellm CWE-77 4

Diffusers has a `trust_remote_code` bypass via `custom_pipeline` and local custom components

CVE-2026-44513

diffusers Patch: 0.38.0 CWE-94 385

Diffusers: None.py has Trust Remote Code Bypass

GHSA-j7w6-vpvq-j3gm

diffusers Patch: 0.38.0 CWE-94 385

Aegra has cross-user run injection in /threads/{thread_id}/runs (IDOR)

CVE-2026-44504

aegra-api Patch: 0.9.7 CWE-285 3.1K

PraisonAI has unauthenticated RCE via `tool_override.py` (CVE-2026-40287 patch bypass)

CVE-2026-44334

praisonai Patch: 4.6.32 CWE-94 1

PraisonAI has an SSRF bypass

CVE-2026-44335

praisonaiagents Patch: 1.6.32 CWE-918 11

GitPython: Newline injection in config_writer().set_value() enables RCE via core.hooksPath

CVE-2026-44244

GitPython Patch: 3.1.49 CWE-94 80

JupyterLab's command linker attributes in HTML enable one-click command execution from untrusted content

CVE-2026-42557

notebook Patch: 7.5.6 CWE-79 2.9K

Need deeper analysis?

Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.

Start 14-Day Free Trial