AI Threat Alert
Attack Type
Code Execution
Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.
643
Total CVEs
33
Pages
Page 30 of 33
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-34452 | Anthropic SDK: TOCTOU symlink escape in async memory tool | anthropic | - |
| HIGH | CVE-2026-34445 | ONNX: property overwrite via crafted model file | onnx | 8.6 |
| HIGH | GHSA-q56x-g2fj-4rj6 | onnx: TOCTOU symlink following enables arbitrary file write | onnx | 7.1 |
| HIGH | CVE-2026-34955 | PraisonAI: sandbox escape via shell=True blocklist bypass | praisonai | 8.8 |
| HIGH | CVE-2026-34937 | PraisonAI: OS command injection via run_python() shell escape | praisonaiagents | 7.8 |
| CRITICAL | CVE-2026-34938 | praisonaiagents: sandbox bypass enables full host RCE | praisonaiagents | 10.0 |
| HIGH | CVE-2026-35175 | Ajenti: missing authz lets any user install packages | - | |
| CRITICAL | CVE-2026-0545 | MLflow: auth bypass in job API enables unauthenticated RCE | mlflow | 9.1 |
| HIGH | CVE-2026-35044 | BentoML: malicious bento archive RCE via Jinja2 SSTI | bentoml | 8.8 |
| HIGH | CVE-2026-35043 | BentoML: cmd injection RCE on cloud build infra | bentoml | 7.8 |
| UNKNOWN | CVE-2026-35029 | LiteLLM: auth bypass allows RCE and full takeover | litellm | - |
| CRITICAL | CVE-2026-35216 | Budibase: Unauthenticated RCE as root via webhook | 9.1 | |
| HIGH | CVE-2026-35394 | mobile-mcp: intent injection enables device control via AI agent | 8.3 | |
| UNKNOWN | CVE-2026-34940 | KubeAI: RCE via shell injection in Ollama startup probe | - | |
| MEDIUM | CVE-2026-35492 | kedro-datasets: path traversal enables arbitrary file write | kedro-datasets | 6.5 |
| HIGH | CVE-2026-35021 | Claude Code CLI: shell injection enables RCE | 7.8 | |
| HIGH | CVE-2026-35020 | Claude Code CLI: OS command injection via TERMINAL env | claude-code | 8.4 |
| CRITICAL | CVE-2026-35022 | Claude Code: OS command injection, credential theft | 9.8 | |
| CRITICAL | CVE-2026-35615 | PraisonAI: path traversal exposes full filesystem via agent tools | PraisonAI | - |
| HIGH | CVE-2026-39308 | PraisonAI: recipe registry path traversal file write | PraisonAI | 7.1 |