AI Component

API

AI APIs are the boundary between the application and the model. Self-hosted inference servers (vLLM, Triton, Ollama, TGI) and third-party gateways (LiteLLM, OpenRouter) expose OpenAI-compatible endpoints, and the same web-app vulnerability classes appear here: missing or weak authentication on /v1/chat/completions, broken authorization between tenants, lack of rate limiting that lets an attacker drain quota or burn GPU time, and overly permissive CORS that leaks API keys from browser-side calls. The blast radius is unusual: a single auth-bypass on an inference endpoint exposes both data and compute, and in the case of paid hosted models, directly costs money. We have seen production CVEs across most popular self-hosted servers in the last 18 months. Defenses: require auth on every endpoint, per-tenant rate limits, separate key scopes for read vs admin, and pin server versions aggressively.

482
Total CVEs
25
Pages
Page 17 of 25
Current
Severity CVE CVSS
CRITICAL CVE-2026-46339 10.0
CRITICAL GHSA-3875-8gcx-7v46 9.1
MEDIUM GHSA-m837-xvxr-vqwg -
HIGH CVE-2026-47101 8.8
HIGH CVE-2026-47102 8.8
MEDIUM CVE-2026-9540 5.3
HIGH CVE-2026-44175 -
HIGH CVE-2026-44174 -
UNKNOWN CVE-2026-9806 -
HIGH CVE-2026-41235 -
MEDIUM CVE-2026-49384 6.1
HIGH CVE-2026-47406 8.1
MEDIUM CVE-2026-47408 6.5
HIGH CVE-2026-48169 8.8
CRITICAL CVE-2026-47393 9.8
CRITICAL CVE-2026-47396 9.8
MEDIUM CVE-2026-47411 6.5
CRITICAL CVE-2026-9319 9.0
MEDIUM CVE-2026-43625 5.9
MEDIUM CVE-2026-28511 4.3

Page 17 of 25