AI Threat Alert
Auth Bypass
AI/ML platforms accumulate auth-bypass vulnerabilities at the same rate as other web software, but the blast radius is unusual: a bypass on an inference endpoint exposes expensive compute, paid model access, and potentially other tenants' conversations. Common patterns we see in NVD and GHSA include misconfigured JWT verification in self-hosted inference servers, missing authorization checks on admin routes in ML platforms, IDOR on prediction-history endpoints, and SSRF that escapes a sandboxed agent into the platform's internal network. Open-source AI platforms (MLflow, Gradio, LangServe, Ollama) have shipped multiple high-severity auth-bypass CVEs since 2023; CISA KEV has flagged at least one (the MLflow path-traversal/auth chain). Defenses: keep self-hosted AI platforms patched aggressively, require auth on all model endpoints, network-segment inference servers, and treat any exposed AI service as if compute-cost abuse will happen.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-13374 | Kalrav: Arbitrary File Upload enables RCE | 9.8 | |
| HIGH | CVE-2026-25580 | pydantic-ai: SSRF allows internal network access | pydantic-ai-slim | 8.6 |
| HIGH | CVE-2026-24780 | agpt: Code Injection enables RCE | 8.8 | |
| MEDIUM | CVE-2023-34094 | ChuanhuChatGPT: config exposure leaks API keys | chuanhuchatgpt | 5.3 |
| HIGH | CVE-2024-36420 | Flowise: unauthenticated arbitrary file read via API | flowise | 7.5 |
| HIGH | CVE-2024-36421 | Flowise: CORS wildcard enables file read and data theft | flowise | 7.5 |
| MEDIUM | CVE-2024-36423 | Flowise: reflected XSS in chatflow API enables session hijack | flowise | 6.1 |
| MEDIUM | CVE-2024-37146 | Flowise: reflected XSS enables credential theft | flowise | 6.1 |
| HIGH | CVE-2025-30358 | Mesop: class pollution enables DoS and LLM jailbreak | 8.1 | |
| CRITICAL | CVE-2025-58434 | Flowise: auth bypass in reset flow allows full ATO | flowise | 9.8 |
| CRITICAL | CVE-2025-61913 | Flowise: path traversal in file tools leads to RCE | flowise | 9.9 |
| CRITICAL | CVE-2024-49326 | Affiliator WP Plugin: Unauthenticated Web Shell Upload | affiliator | 9.8 |
| CRITICAL | CVE-2025-54381 | BentoML: unauthenticated SSRF via file upload URLs | bentoml | 9.9 |
| MEDIUM | CVE-2023-27562 | n8n: path traversal allows arbitrary file read | n8n | 6.5 |
| HIGH | CVE-2023-27563 | n8n: privilege escalation exposes full workflow admin | n8n | 8.8 |
| HIGH | CVE-2023-27564 | n8n: unauthenticated info disclosure exposes credentials | n8n | 7.5 |
| MEDIUM | CVE-2025-46343 | n8n: stored XSS enables account takeover | n8n | 5.4 |
| MEDIUM | CVE-2025-49592 | n8n: open redirect enables phishing via login flow | n8n | 5.4 |
| MEDIUM | CVE-2025-52554 | n8n: broken authz enables cross-user workflow termination | n8n | 4.3 |
| MEDIUM | CVE-2025-52478 | n8n: Stored XSS enables full account takeover | n8n | 5.4 |