DoS
Denial of service is cheap against AI systems because inference is expensive. A single request asking for a very long context, a recursive thinking pattern, or a maximally complex tokenization ("unicode bombs") can consume seconds of GPU time. Agent frameworks add a more dangerous variant: a prompt that tricks the agent into invoking itself or another expensive tool in a loop, fanning out until the budget is exhausted. For paid model APIs, the same attack is also a financial denial of service — the attacker doesn't take the service down, they run up the bill. We have seen production CVEs of all three shapes in inference servers (vLLM, TGI), agent frameworks (LangChain, AutoGen), and applications using third-party LLM APIs without per-tenant budget caps. Defenses: per-request token and time limits, per-tenant compute and budget quotas, depth limits on agent recursion, and circuit breakers on tool invocation.
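The four defenses listed above, combined in one per-request guard. This is an added example, not code from this page or from any of the frameworks it names; `RequestGuard`, `TenantLedger`, `looping_agent` and every limit value are assumptions chosen for illustration.

```python
import time

class LimitExceeded(Exception): pass  # a request hit a configured ceiling

class TenantLedger:
    """Per-tenant quota: tokens spent by each tenant against a fixed budget."""
    def __init__(self, budget):
        self.budget, self.spent = budget, {}
    def charge(self, tenant, tokens):
        used = self.spent.get(tenant, 0) + tokens
        if used > self.budget:
            raise LimitExceeded(f"tenant {tenant}: budget exhausted")
        self.spent[tenant] = used

class RequestGuard:
    """One guard per inbound request, passed to every agent step and tool."""
    def __init__(self, tenant, ledger, max_tokens=4096, max_seconds=30.0,
                 max_depth=3, max_tool_calls=8, clock=time.monotonic):
        self.tenant, self.ledger, self.clock = tenant, ledger, clock
        self.max_tokens, self.max_depth = max_tokens, max_depth
        self.max_tool_calls, self.deadline = max_tool_calls, clock() + max_seconds
        self.tokens = self.tool_calls = 0

    def charge_tokens(self, n):
        if self.clock() > self.deadline:
            raise LimitExceeded("request time limit")
        if self.tokens + n > self.max_tokens:
            raise LimitExceeded("request token limit")
        self.ledger.charge(self.tenant, n)  # quota is checked before the spend
        self.tokens += n

    def call_tool(self, tool, *args, depth=0):
        if depth >= self.max_depth:
            raise LimitExceeded("agent recursion depth")
        self.tool_calls += 1
        if self.tool_calls > self.max_tool_calls:  # breaker stays open once tripped
            raise LimitExceeded("tool-call circuit breaker open")
        return tool(self, *args, depth=depth + 1)

def looping_agent(guard, prompt, depth=0):
    """Constructed worst case: an agent step that always re-invokes itself."""
    guard.charge_tokens(100)  # stand-in for the cost of one model call
    return guard.call_tool(looping_agent, prompt, depth=depth)

def run_demo():
    guard = RequestGuard("tenant-a", TenantLedger(budget=1000))
    try:
        looping_agent(guard, "constructed prompt")
    except LimitExceeded as exc:
        return str(exc), guard.tokens, guard.ledger.spent["tenant-a"]
```

The depth limit stops a self-invoking chain, while the tool-call counter catches flat fan-out that never nests; the tenant ledger bounds spend across requests that each stay under their own limits.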
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-27795 | LangChain: SSRF allows internal network access | | 7.4 |
| HIGH | CVE-2026-33053 | langflow: IDOR enables unauthorized data access | langflow | 8.8 |
| UNKNOWN | CVE-2018-7576 | TensorFlow: NPD in 1.6.x crashes ML runtime | tensorflow | - |
| UNKNOWN | CVE-2018-10055 | TensorFlow XLA: heap overflow via crafted config file | tensorflow | - |
| UNKNOWN | CVE-2018-7577 | TensorFlow: Snappy memcpy overlap crash/mem disclosure | tensorflow | - |
| UNKNOWN | CVE-2019-9635 | TensorFlow: NULL ptr deref DoS via malformed GIF input | tensorflow | - |
| HIGH | CVE-2020-5215 | TensorFlow: type confusion DoS crashes eager mode inference | tensorflow | 7.5 |
| MEDIUM | CVE-2020-15190 | TensorFlow: null ptr deref DoS via Switch op eager runtime | tensorflow | 5.3 |
| MEDIUM | CVE-2020-15191 | TensorFlow: null ptr deref in dlpack causes remote DoS | tensorflow | 5.3 |
| MEDIUM | CVE-2020-15192 | TensorFlow: memory leak in dlpack DoS via low-priv input | tensorflow | 4.3 |
| HIGH | CVE-2020-15193 | TensorFlow: uninitialized memory corruption via dlpack | tensorflow | 7.1 |
| MEDIUM | CVE-2020-15194 | TensorFlow: DoS via SparseFillEmptyRowsGrad assertion | tensorflow | 5.3 |
| MEDIUM | CVE-2020-15197 | TensorFlow: DoS via malformed sparse tensor input | tensorflow | 6.3 |
| MEDIUM | CVE-2020-15198 | TensorFlow: heap OOB in SparseCountSparseOutput ops | tensorflow | 5.4 |
| MEDIUM | CVE-2020-15199 | TensorFlow: DoS via malformed ragged tensor input | tensorflow | 5.9 |
| MEDIUM | CVE-2020-15200 | TensorFlow: heap overflow in RaggedCountSparseOutput DoS | tensorflow | 5.9 |
| CRITICAL | CVE-2020-15202 | TensorFlow: Shard API int truncation enables memory corruption | tensorflow | 9.0 |
| HIGH | CVE-2020-15203 | TensorFlow: format string DoS in strings.as_string | tensorflow | 7.5 |
| MEDIUM | CVE-2020-15204 | TensorFlow: null ptr deref DoS in eager mode ops | tensorflow | 5.3 |
| HIGH | CVE-2020-15206 | TensorFlow: SavedModel protobuf DoS in inference serving | tensorflow | 7.5 |