Attack Type

Code Execution

Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.

643

Total CVEs

Pages

Page 21 of 33

Current

Severity	CVE	Headline	Package	CVSS
MEDIUM	CVE-2025-68949	n8n: security flaw enables exploitation	n8n	5.3
CRITICAL	CVE-2026-0863	n8n: Code Injection enables RCE	n8n	9.9
CRITICAL	CVE-2026-1470	n8n: Code Injection enables RCE	n8n	9.9
CRITICAL	CVE-2026-25049	n8n: security flaw enables exploitation	n8n	9.9
MEDIUM	CVE-2026-25051	n8n: XSS enables session hijacking	n8n	5.4
CRITICAL	CVE-2026-25053	n8n: Command Injection enables RCE	n8n	9.9
MEDIUM	CVE-2026-25054	n8n: XSS enables session hijacking	n8n	5.4
HIGH	CVE-2026-25055	n8n: Path Traversal enables file access	n8n	8.1
HIGH	CVE-2026-25056	n8n: Arbitrary File Upload enables RCE	n8n	8.8
CRITICAL	CVE-2026-25115	n8n: Protection Bypass circumvents security controls	n8n	9.9
HIGH	CVE-2026-21893	n8n: Input Validation flaw enables exploitation	n8n	7.2
MEDIUM	CVE-2026-25631	n8n: Input Validation flaw enables exploitation	n8n	6.5
MEDIUM	CVE-2026-30886	AI component: IDOR enables unauthorized data access		6.5
CRITICAL	CVE-2026-33309	langflow: Path Traversal enables file access	langflow	9.9
CRITICAL	CVE-2026-33475	langflow: security flaw enables exploitation	langflow	9.1
HIGH	CVE-2026-33236	nltk: Path Traversal enables file access		8.1
MEDIUM	GHSA-5cxw-w2xg-2m8h	fickling: Allowlist Bypass evades input filtering	fickling	-
MEDIUM	GHSA-r48f-3986-4f9c	fickling: Allowlist Bypass evades input filtering	fickling	-
CRITICAL	CVE-2026-27825	mcp-atlassian: Path Traversal enables file access	mcp-atlassian	9.1
MEDIUM	CVE-2026-28277	langgraph: Deserialization enables RCE	langgraph	6.8

Page 21 of 33

Previous Next

Related Attack Types

Prompt Injection Data Extraction Jailbreak Supply Chain Model Poisoning Adversarial Examples

Code Execution

Related Attack Types

Weekly CISO Take + top threats