AI Threat Alert
Attack Type
Auth Bypass
Authentication bypass vulnerabilities in AI platforms allow attackers to access protected APIs, model endpoints, or admin interfaces without valid credentials.
310
Total CVEs
16
Pages
Page 9 of 16
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2024-4888 | litellm: arbitrary file deletion via audio endpoint | litellm | 8.1 |
| MEDIUM | CVE-2025-45809 | LiteLLM: SQL injection in key management API | litellm | 5.4 |
| UNKNOWN | CVE-2025-11203 | LiteLLM: Info Disclosure leaks sensitive data | - | |
| CRITICAL | CVE-2026-33309 | langflow: Path Traversal enables file access | langflow | 9.9 |
| HIGH | CVE-2026-33484 | langflow: Access Control bypass enables privilege escalation | langflow | 7.5 |
| HIGH | CVE-2026-33497 | langflow: Path Traversal enables file access | langflow | 7.5 |
| MEDIUM | GHSA-r48f-3986-4f9c | fickling: Allowlist Bypass evades input filtering | fickling | - |
| HIGH | CVE-2026-27826 | mcp-atlassian: SSRF allows internal network access | mcp-atlassian | 8.2 |
| HIGH | GHSA-wccx-j62j-r448 | fickling: Protection Bypass circumvents security controls | fickling | - |
| CRITICAL | GHSA-vvpj-8cmc-gx39 | picklescan: security flaw enables exploitation | picklescan | 10.0 |
| HIGH | GHSA-mxhj-88fx-4pcv | fickling: security flaw enables exploitation | fickling | - |
| MEDIUM | CVE-2026-27482 | ray: Missing Auth allows unauthenticated access | ray | 5.9 |
| CRITICAL | CVE-2026-26030 | semantic-kernel: Code Injection enables RCE | semantic-kernel | 10.0 |
| HIGH | CVE-2026-1117 | lollms: Access Control bypass enables privilege escalation | lollms | 8.2 |
| CRITICAL | CVE-2026-25481 | langroid: Code Injection enables RCE | - | |
| MEDIUM | GHSA-gpx9-96j6-pp87 | agentos-taskweaver: Protection Bypass circumvents security controls | 6.5 | |
| MEDIUM | CVE-2025-68492 | chainlit: IDOR enables unauthorized data access | chainlit | 4.2 |
| HIGH | CVE-2026-22033 | label-studio: XSS enables session hijacking | label-studio | - |
| HIGH | CVE-2026-22612 | fickling: Deserialization enables RCE | fickling | - |
| HIGH | CVE-2026-22609 | fickling: Allowlist Bypass evades input filtering | fickling | - |