Attack Type

Code Execution

Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.

643

Total CVEs

Pages

Page 31 of 33

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2026-39306	PraisonAI: recipe path traversal allows arbitrary file write	PraisonAI	7.3
CRITICAL	CVE-2026-39305	PraisonAI: path traversal enables arbitrary file write/RCE	PraisonAI	9.0
HIGH	CVE-2026-39307	PraisonAI: Zip Slip enables arbitrary file write / RCE	PraisonAI	8.1
MEDIUM	CVE-2026-34425	OpenClaw: script preflight bypass enables unsafe exec	openclaw	-
MEDIUM	CVE-2026-1839	HuggingFace Transformers: RCE via malicious checkpoint load	transformers	6.5
MEDIUM	CVE-2026-33865	MLflow: stored XSS via MLmodel YAML artifact upload	mlflow	-
MEDIUM	GHSA-w6wx-jq6j-6mcj	openclaw: script swap bypasses pnpm dlx approval	openclaw	-
MEDIUM	GHSA-98ch-45wp-ch47	OpenClaw: approval bypass via env key normalization gap	openclaw	-
MEDIUM	GHSA-2qrv-rc5x-2g2h	OpenClaw: untrusted plugin RCE via workspace channel setup	openclaw	-
MEDIUM	GHSA-m34q-h93w-vg5x	openclaw: path traversal enables remote dir overwrite	openclaw	-
MEDIUM	GHSA-wpc6-37g7-8q4w	OpenClaw: exec allowlist bypass via shell init-file options	openclaw	-
MEDIUM	GHSA-42mx-vp8m-j7qh	openclaw: sandbox escape via mirror mode hook execution	openclaw	-
HIGH	GHSA-vfw7-6rhc-6xxg	openclaw: env var injection via workspace config	openclaw	-
HIGH	GHSA-89gg-p5r5-q6r4	MONAI: pickle deserialization RCE in Auto3DSeg	monai	7.7
HIGH	CVE-2026-3357	Langflow: deserialization RCE via FAISS component default	langflow	8.8
MEDIUM	CVE-2026-39398	openclaw-claude-bridge: sandbox bypass exposes CLI tools	claude-code	-
HIGH	CVE-2026-39891	praisonai: SSTI enables RCE via agent instructions	praisonai	8.8
CRITICAL	CVE-2026-39888	praisonaiagents: sandbox escape enables host RCE	praisonaiagents	10.0
CRITICAL	CVE-2026-39890	PraisonAI: YAML deserialization enables unauthenticated RCE	praisonai	9.8
CRITICAL	GHSA-2763-cj5r-c79m	PraisonAI: RCE via shell injection in agent workflows	PraisonAI	9.7

Page 31 of 33

Previous Next

Related Attack Types

Prompt Injection Data Extraction Jailbreak Supply Chain Model Poisoning Adversarial Examples

Code Execution

Related Attack Types

Weekly CISO Take + top threats