AI Component

API

AI APIs are the boundary between the application and the model. Self-hosted inference servers (vLLM, Triton, Ollama, TGI) and third-party gateways (LiteLLM, OpenRouter) expose OpenAI-compatible endpoints, and the same web-app vulnerability classes appear here: missing or weak authentication on /v1/chat/completions, broken authorization between tenants, lack of rate limiting that lets an attacker drain quota or burn GPU time, and overly permissive CORS that leaks API keys from browser-side calls. The blast radius is unusual: a single auth-bypass on an inference endpoint exposes both data and compute, and in the case of paid hosted models, directly costs money. We have seen production CVEs across most popular self-hosted servers in the last 18 months. Defenses: require auth on every endpoint, per-tenant rate limits, separate key scopes for read vs admin, and pin server versions aggressively.

482
Total CVEs
25
Pages
Page 20 of 25
Current
Severity CVE CVSS
MEDIUM CVE-2026-54236 5.3
CRITICAL CVE-2026-35304 9.8
CRITICAL CVE-2026-35305 9.3
CRITICAL CVE-2026-35306 9.3
CRITICAL CVE-2026-35307 10.0
CRITICAL CVE-2026-35308 10.0
CRITICAL CVE-2026-35309 9.8
CRITICAL CVE-2026-35310 9.8
MEDIUM CVE-2026-54022 5.3
MEDIUM CVE-2026-54021 6.3
HIGH GHSA-8ccj-p46r-jwqq 8.2
HIGH GHSA-jxcw-qp4h-6jfq 7.5
CRITICAL GHSA-892r-p3jq-jp24 9.8
CRITICAL GHSA-fq2m-6wqh-x44g 9.8
CRITICAL GHSA-j4f3-55x4-r6q2 9.8
CRITICAL GHSA-9752-mhqh-h34f 9.4
UNKNOWN CVE-2026-54003 -
HIGH CVE-2026-54002 -
MEDIUM CVE-2026-50188 -
HIGH GHSA-fq4x-789w-jg5h -

Page 20 of 25