API
AI APIs are the boundary between the application and the model. Self-hosted inference servers (vLLM, Triton, Ollama, TGI) and third-party gateways (LiteLLM, OpenRouter) expose OpenAI-compatible endpoints, and the same web-app vulnerability classes appear here: missing or weak authentication on /v1/chat/completions, broken authorization between tenants, lack of rate limiting that lets an attacker drain quota or burn GPU time, and overly permissive CORS that leaks API keys from browser-side calls. The blast radius is unusual: a single auth-bypass on an inference endpoint exposes both data and compute, and in the case of paid hosted models, directly costs money. We have seen production CVEs across most popular self-hosted servers in the last 18 months. Defenses: require auth on every endpoint, per-tenant rate limits, separate key scopes for read vs admin, and pin server versions aggressively.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-3198 | MLflow: auth bypass exposes gateway secrets and keys | mlflow | 6.5 |
| HIGH | CVE-2026-31942 | LibreChat: IDOR enables cross-user API key hijacking | 7.1 | |
| HIGH | CVE-2026-4035 | MLflow: AI Gateway leaks cloud credentials via env injection | mlflow | 7.7 |
| HIGH | GHSA-f9rx-7wf7-jr36 | Froxlor: 2FA bypass via API grants full account access | froxlor/froxlor | 8.1 |
| HIGH | CVE-2026-41234 | Froxlor: DNS zone injection via unsanitized TXT record | froxlor/froxlor | 7.6 |
| MEDIUM | CVE-2026-8462 | OpenMeter: SQL injection leaks all-tenant metering data | github.com/openmeterio/openmeter | - |
| CRITICAL | CVE-2026-2586 | GlassFish: authenticated RCE via admin console | org.glassfish.jsftemplating:jsftemplating | 9.1 |
| MEDIUM | CVE-2026-11326 | OpenAI Atlas: XSS enables browser history exfiltration | - | |
| HIGH | CVE-2026-47419 | praisonai-platform: IDOR enables cross-workspace agent read/write/delete | praisonai-platform | 8.3 |
| HIGH | CVE-2026-47732 | twig/twig: sandbox bypass leaks render context | twig/twig | - |
| LOW | CVE-2026-47241 | net-imap: IMAP command smuggling enables DoS | net-imap | - |
| HIGH | CVE-2026-5497 | vLLM: unauthenticated OOM DoS via video frame parsing | vllm | 7.5 |
| MEDIUM | CVE-2026-10127 | Edimax BR-6478AC: RCE via rootAPmac command injection | 6.3 | |
| MEDIUM | CVE-2026-10166 | Edimax BR-6478AC: RCE via command injection in Wi-Fi handler | 6.3 | |
| CRITICAL | CVE-2024-13147 | B2B Login Panel: SQLi enables unauthenticated DB access | B2B Login Panel | 9.8 |
| MEDIUM | CVE-2026-10548 | hermes-agent: auth bypass exposes Anthropic API credentials | 5.3 | |
| CRITICAL | CVE-2024-6877 | Panel: Reflected XSS enables session hijack in ML UI | Panel | - |
| CRITICAL | CVE-2024-5959 | Panel: Stored XSS enables session hijack in ML dashboards | Panel | - |
| CRITICAL | CVE-2024-6684 | Nova Panel N7: auth bypass via alternate channel (EOL) | inohom Nova Panel N7 | - |
| MEDIUM | CVE-2025-7013 | Menu Panel: IDOR auth bypass exposes confidential data | Menu Panel | 5.7 |