AI Security Threat Feed
Latest CVEs affecting AI/ML systems, updated continuously. Tracked from NVD, GitHub Advisory, and CISA KEV.
AI/ML CVEs Tracked: 1,604
Critical: 225
New This Week: 79
In CISA KEV: 16
Latest AI Security Threats
Showing 20 of 1604 results

| Severity | CVE ID | Summary | CVSS | EPSS | Package | Date |
|---|---|---|---|---|---|---|
| MEDI | CVE-2026-44897 | mistune: XSS via unescaped heading id= attribute | 6.1 | — | mistune | May 9 |
| MEDI | CVE-2026-44708 | mistune: math plugin XSS bypasses escape=True control | 6.1 | — | mistune | May 8 |
| HIGH | CVE-2026-44843 | LangChain: deserialization poisons LLM chat history | 8.2 | — | langchain-core | May 8 |
| HIGH | CVE-2026-44566 | Open WebUI: path traversal + file upload leads to RCE | 7.3 | — | open-webui | May 8 |
| HIGH | CVE-2026-44567 | Open WebUI: auth bypass gives pending users full LLM access | 7.3 | — | open-webui | May 8 |
| HIGH | CVE-2026-44549 | open-webui: XSS via XLSX preview enables session hijack | 7.3 | — | open-webui | May 8 |
| MEDI | CVE-2026-44568 | open-webui: XSS in pending overlay enables session hijack | 4.8 | — | open-webui | May 8 |
| CRIT | CVE-2026-44211 | cline: WebSocket auth bypass enables terminal RCE | 9.6 | — | — | May 8 |
| HIGH | CVE-2026-44209 | banks: SSTI enables RCE via unsandboxed Jinja2 templates | 7.5 | — | banks | May 8 |
| MEDI | CVE-2026-42282 | n8n-MCP: credential logging exposes OAuth tokens in HTTP mode | 4.3 | — | — | May 8 |
| MEDI | CVE-2026-44560 | open-webui: RAG auth bypass exposes private files | 6.5 | — | open-webui | May 8 |
| MEDI | CVE-2026-44561 | open-webui: auth bypass exposes private group channels | 5.4 | — | open-webui | May 8 |
| MEDI | CVE-2026-44564 | open-webui: auth bypass in collaborative doc editing | 5.4 | — | open-webui | May 8 |
| MEDI | CVE-2026-44563 | open-webui: auth bypass exposes restricted LLM models | 5.4 | — | open-webui | May 8 |
| MEDI | CVE-2026-44562 | open-webui: missing authz enables model hijacking | 6.5 | — | open-webui | May 8 |
| MEDI | CVE-2026-44559 | open-webui: private channel member list exposed to any user | 4.3 | — | open-webui | May 8 |
| MEDI | CVE-2026-44557 | open-webui: auth bypass exposes all knowledge base metadata | 4.3 | — | open-webui | May 8 |
| HIGH | CVE-2026-44554 | open-webui: RAG poisoning via unauthorized KB overwrite | 8.1 | — | open-webui | May 8 |
| MEDI | CVE-2026-44558 | open-webui: permission bypass exposes channels publicly | 5.4 | — | open-webui | May 8 |
| HIGH | CVE-2026-44556 | open-webui: auth bypass allows unrestricted model access | 7.1 | — | open-webui | May 8 |

Need deeper analysis?
Get ATLAS technique mappings, compliance reports (ISO 42001, EU AI Act), breaking alerts, and full CISO analysis with a Pro subscription.