Attack Type: Auth Bypass
Authentication bypass vulnerabilities in AI platforms allow attackers to access protected APIs, model endpoints, or admin interfaces without valid credentials.
Total CVEs: 311
Pages: 16
Page 14 of 16
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-35216 | Budibase: Unauthenticated RCE as root via webhook | | 9.1 |
| MEDIUM | CVE-2026-34425 | OpenClaw: script preflight bypass enables unsafe exec | openclaw | - |
| MEDIUM | CVE-2026-33865 | MLflow: stored XSS via MLmodel YAML artifact upload | mlflow | - |
| MEDIUM | CVE-2026-33866 | MLflow: auth bypass exposes model artifacts across experiments | mlflow | - |
| HIGH | CVE-2026-34511 | OpenClaw: PKCE verifier leak enables OAuth token theft | openclaw | - |
| HIGH | CVE-2026-35485 | text-generation-webui: unauthenticated path traversal file read | gradio | 7.5 |
| MEDIUM | GHSA-83f3-hh45-vfw9 | OpenClaw: cleartext WebSocket exposes gateway credentials | openclaw | - |
| MEDIUM | GHSA-jj6q-rrrf-h66h | openclaw: timing side-channel leaks shared-secret length | openclaw | - |
| MEDIUM | GHSA-fh32-73r9-rgh5 | OpenClaw: CDP host bypass exposes localhost browser state | openclaw | - |
| MEDIUM | GHSA-w6wx-jq6j-6mcj | openclaw: script swap bypasses pnpm dlx approval | openclaw | - |
| MEDIUM | GHSA-98ch-45wp-ch47 | OpenClaw: approval bypass via env key normalization gap | openclaw | - |
| MEDIUM | GHSA-2qrv-rc5x-2g2h | OpenClaw: untrusted plugin RCE via workspace channel setup | openclaw | - |
| MEDIUM | GHSA-5hff-46vh-rxmw | OpenClaw: read-only scope bypass kills agent sessions | openclaw | - |
| MEDIUM | GHSA-4p4f-fc8q-84m3 | openclaw: iOS bridge bypass enables unauthorized agent runs | openclaw | - |
| LOW | GHSA-fqrj-m88p-qf3v | OpenClaw: cross-account webhook event suppression | openclaw | - |
| MEDIUM | GHSA-h43v-27wg-5mf9 | OpenClaw: pre-auth signature bypass enables pairing DoS | openclaw | - |
| MEDIUM | GHSA-wpc6-37g7-8q4w | OpenClaw: exec allowlist bypass via shell init-file options | openclaw | - |
| LOW | GHSA-767m-xrhc-fxm7 | openclaw: operator.write escalates to admin Telegram config + cron | openclaw | - |
| MEDIUM | GHSA-fwjq-xwfj-gv75 | openclaw: auth bypass exposes agent session visibility | openclaw | - |
| MEDIUM | GHSA-3q42-xmxv-9vfr | openclaw: privilege escalation to admin voice config persistence | openclaw | - |