AI Threat Alert
Attack Type
Auth Bypass
Authentication bypass vulnerabilities in AI platforms allow attackers to access protected APIs, model endpoints, or admin interfaces without valid credentials.
316
Total CVEs
16
Pages
Page 15 of 16
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-vjx8-8p7h-82gr | openclaw: SSRF in marketplace plugin download | openclaw | - |
| MEDIUM | GHSA-h2v7-xc88-xx8c | openclaw: operator scope bypass in phone arm/disarm cmds | openclaw | - |
| HIGH | GHSA-69x8-hrgq-fjj8 | LiteLLM: auth bypass chain enables full privilege escalation | litellm | - |
| MEDIUM | CVE-2026-39398 | openclaw-claude-bridge: sandbox bypass exposes CLI tools | claude-code | - |
| MEDIUM | CVE-2026-39411 | LobeChat: auth bypass via forged XOR obfuscated header | @lobehub/lobehub | 5.0 |
| HIGH | CVE-2026-39889 | PraisonAI: unauth A2U stream leaks all agent activity | praisonai | 7.5 |
| CRITICAL | CVE-2026-39888 | praisonaiagents: sandbox escape enables host RCE | praisonaiagents | 10.0 |
| HIGH | GHSA-4ggg-h7ph-26qr | n8n-mcp: authenticated SSRF leaks cloud metadata | n8n-mcp | 8.5 |
| MEDIUM | CVE-2026-5803 | openai-realtime-ui: SSRF in API proxy endpoint | 6.3 | |
| CRITICAL | GHSA-2679-6mx9-h9xc | Marimo: pre-auth RCE via terminal WebSocket | marimo | - |
| MEDIUM | CVE-2026-1163 | lollms: sessions persist after password reset | lollms | 4.1 |
| HIGH | GHSA-jf56-mccx-5f3f | OpenClaw: wake hook trust violation elevates to System prompt | openclaw | - |
| HIGH | GHSA-gfmx-pph7-g46x | openclaw: trust boundary bypass enables prompt injection | openclaw | - |
| HIGH | GHSA-qx8j-g322-qj6m | OpenClaw: unsafe body replay on cross-origin redirect | openclaw | - |
| MEDIUM | GHSA-w8g9-x8gx-crmm | OpenClaw: SSRF bypass via Playwright redirect handling | openclaw | - |
| LOW | GHSA-4f8g-77mw-3rxc | OpenClaw: gateway auth expands read to write privilege | openclaw | - |
| MEDIUM | GHSA-vr5g-mmx7-h897 | OpenClaw: SSRF bypass via interaction-triggered navigation | openclaw | - |
| MEDIUM | GHSA-67mf-f936-ppxf | OpenClaw: scope misconfiguration enables unauthorized node pairing | openclaw | - |
| LOW | GHSA-5fc7-f62m-8983 | OpenClaw: local file read bypasses workspace policy | openclaw | - |
| MEDIUM | GHSA-3fv3-6p2v-gxwj | openclaw: SSRF bypass in QQ Bot media fetch paths | openclaw | - |