AI Threat Alert
Attack Type
Auth Bypass
Authentication bypass vulnerabilities in AI platforms allow attackers to access protected APIs, model endpoints, or admin interfaces without valid credentials.
321
Total CVEs
17
Pages
Page 16 of 17
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-5h3f-885m-v22w | openclaw: WS sessions persist after gateway token rotation | openclaw | - |
| LOW | GHSA-25wv-8phj-8p7r | OpenClaw: auth rate-limit bypass via async race condition | openclaw | - |
| HIGH | GHSA-5wj5-87vq-39xm | openclaw: auth bypass enables exec escalation on reconnect | openclaw | - |
| MEDIUM | GHSA-vc32-h5mq-453v | OpenClaw: cross-channel allowlist write bypass | openclaw | - |
| MEDIUM | GHSA-68x5-xx89-w9mm | OpenClaw: stale auth closure bypasses gateway access control | openclaw | - |
| MEDIUM | GHSA-cmfr-9m2r-xwhq | OpenClaw: auth bypass enables persistent browser profile mutation | openclaw | - |
| MEDIUM | GHSA-whf9-3hcx-gq54 | OpenClaw: token rotation bypasses role approval | openclaw | - |
| MEDIUM | GHSA-q2gc-xjqw-qp89 | OpenClaw: eval approval bypass enables unintended code exec | openclaw | - |
| HIGH | CVE-2026-40113 | PraisonAI: arg injection injects env vars into Cloud Run | praisonai | 8.4 |
| HIGH | CVE-2026-40116 | PraisonAI: unauth WebSocket drains OpenAI API credits | praisonai | 7.5 |
| MEDIUM | CVE-2026-35651 | OpenClaw: ANSI injection spoof AI agent approval prompts | openclaw | 4.3 |
| CRITICAL | GHSA-8x8f-54wf-vv92 | PraisonAI: auth bypass enables browser session hijack | PraisonAI | 9.1 |
| MEDIUM | GHSA-x783-xp3g-mqhp | PraisonAI: SQL injection via table_prefix exposes DB | PraisonAI | - |
| HIGH | CVE-2026-40114 | PraisonAI: unauthenticated SSRF via unvalidated webhook_url | PraisonAI | 7.2 |
| MEDIUM | GHSA-ffp3-3562-8cv3 | PraisonAI: tool approval bypass leaks env credentials | praisonaiagents | 5.5 |
| HIGH | GHSA-x462-jjpc-q4q4 | praisonaiagents: CORS bypass enables silent agent RCE | praisonaiagents | 8.1 |
| HIGH | GHSA-qwgj-rrpj-75xm | PraisonAI: hardcoded approval bypass enables RCE | PraisonAI | 8.8 |
| MEDIUM | CVE-2026-40151 | PraisonAI: unauthenticated agent config and system prompt disclosure | PraisonAI | 5.3 |
| HIGH | CVE-2026-40149 | PraisonAI: auth bypass disables agent safety controls | PraisonAI | 7.9 |
| MEDIUM | CVE-2026-40115 | PraisonAI: unbounded body read enables local DoS | PraisonAI | 6.2 |