Attack Type

Code Execution

Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.

626

Total CVEs

Pages

Page 1 of 32

Current

Severity	CVE	Headline	Package	CVSS
UNKNOWN	CVE-2026-2492	TensorFlow: security flaw enables exploitation		-
MEDIUM	CVE-2026-4538	AI component: Input Validation flaw enables exploitation		5.3
MEDIUM	CVE-2026-27795	LangChain: SSRF allows internal network access		4.1
CRITICAL	CVE-2026-27966	langflow: Code Injection enables RCE	langflow	9.8
HIGH	CVE-2026-25750	langsmith: security flaw enables exploitation	langsmith	8.1
CRITICAL	CVE-2026-30741	OpenClaw: RCE via request-side prompt injection	openclaw	9.8
CRITICAL	CVE-2026-28500	onnx: Integrity Verification bypass enables tampering	onnx	9.1
HIGH	CVE-2026-2033	mlflow: Path Traversal enables file access	mlflow	8.1
CRITICAL	CVE-2026-2635	mlflow: security flaw enables exploitation	mlflow	9.8
HIGH	CVE-2025-14287	mlflow: Code Injection enables RCE	mlflow	7.5
CRITICAL	CVE-2025-15031	mlflow: Path Traversal enables file access	mlflow	9.1
CRITICAL	CVE-2026-25960	vllm: SSRF allows internal network access	vllm	9.8
CRITICAL	CVE-2026-33017	langflow: Code Injection enables RCE	langflow	9.8
HIGH	CVE-2026-33053	langflow: IDOR enables unauthorized data access	langflow	8.8
MEDIUM	CVE-2026-27167	gradio: Weak Credentials allow account compromise	gradio	5.9
HIGH	CVE-2026-28414	gradio: security flaw enables exploitation	gradio	7.5
MEDIUM	CVE-2026-28415	gradio: Info Disclosure leaks sensitive data	gradio	4.7
HIGH	CVE-2026-28416	gradio: SSRF allows internal network access	gradio	8.6
HIGH	CVE-2026-30820	Flowise: header spoof auth bypass exposes admin API & creds	flowise	8.8
CRITICAL	CVE-2026-30821	flowise: Arbitrary File Upload enables RCE	flowise	9.8

Page 1 of 32

Related Attack Types

Prompt Injection Data Extraction Jailbreak Supply Chain Model Poisoning Adversarial Examples

Code Execution

Related Attack Types

Weekly CISO Take + top threats