Attack Type

Code Execution

Remote code execution (RCE) vulnerabilities in AI frameworks allow attackers to execute arbitrary code on servers running ML inference, training pipelines, or AI agent frameworks.

643

Total CVEs

Pages

Page 32 of 33

Current

Severity	CVE	Headline	Package	CVSS
CRITICAL	GHSA-2679-6mx9-h9xc	Marimo: pre-auth RCE via terminal WebSocket	marimo	-
HIGH	GHSA-7437-7hg8-frrw	OpenClaw: env var injection enables host RCE	openclaw	-
MEDIUM	GHSA-3vvq-q2qc-7rmp	openclaw: no integrity check on ClawHub plugin installs	openclaw	-
MEDIUM	GHSA-w9j9-w4cp-6wgr	openclaw: env var injection enables host exec hijacking	openclaw	-
HIGH	GHSA-5wj5-87vq-39xm	openclaw: auth bypass enables exec escalation on reconnect	openclaw	-
MEDIUM	GHSA-q2gc-xjqw-qp89	OpenClaw: eval approval bypass enables unintended code exec	openclaw	-
LOW	GHSA-cm8v-2vh9-cxf3	openclaw: git env var injection enables host redirect	openclaw	-
HIGH	CVE-2026-40113	PraisonAI: arg injection injects env vars into Cloud Run	praisonai	8.4
CRITICAL	CVE-2026-40111	PraisonAI: RCE via shell injection in memory hooks executor	praisonaiagents	-
MEDIUM	CVE-2026-40112	PraisonAI: XSS via no-op HTML sanitizer in agent output	praisonai	5.4
HIGH	CVE-2026-40217	LiteLLM: RCE via bytecode rewriting in guardrails API	litellm	8.8
CRITICAL	GHSA-8x8f-54wf-vv92	PraisonAI: auth bypass enables browser session hijack	PraisonAI	9.1
CRITICAL	GHSA-vc46-vw85-3wvm	PraisonAI: RCE via malicious workflow YAML execution	PraisonAI	9.8
HIGH	GHSA-g985-wjh9-qxxc	PraisonAI: untrusted tools.py import enables RCE	PraisonAI	8.4
HIGH	GHSA-x462-jjpc-q4q4	praisonaiagents: CORS bypass enables silent agent RCE	praisonaiagents	8.1
CRITICAL	CVE-2026-40157	PraisonAI: path traversal allows arbitrary file write via recipe unpack	PraisonAI	-
HIGH	CVE-2026-40156	PraisonAI: auto tools.py load enables local RCE	praisonai	7.8
CRITICAL	CVE-2026-40154	PraisonAI: supply chain RCE via unverified template exec	PraisonAI	9.3
HIGH	GHSA-qwgj-rrpj-75xm	PraisonAI: hardcoded approval bypass enables RCE	PraisonAI	8.8
HIGH	CVE-2026-40158	PraisonAI: AST sandbox bypass enables host RCE	PraisonAI	8.6

Page 32 of 33

Previous Next

Related Attack Types

Prompt Injection Data Extraction Jailbreak Supply Chain Model Poisoning Adversarial Examples

Code Execution

Related Attack Types

Weekly CISO Take + top threats