Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | GHSA-w47f-j8rh-wx87 | Flowise: credential exposure via public chatflow API | flowise | - |
| HIGH | GHSA-3prp-9gf7-4rxx | Flowise: Mass assignment enables cross-tenant store takeover | flowise | - |
| MEDIUM | GHSA-92jp-89mq-4374 | openclaw: auth bypass exposes sandbox browser session | openclaw | - |
| CRITICAL | GHSA-v38x-c887-992f | Flowise: prompt injection bypasses Python sandbox RCE | flowise-components | - |
| HIGH | CVE-2026-6596 | Langflow: unauthenticated file upload allows RCE | langflow-base | 7.3 |
| LOW | CVE-2026-6597 | langflow: Plaintext credential storage via Flow API | langflow | 2.7 |
| MEDIUM | CVE-2026-6598 | Langflow: cleartext auth storage exposes API keys | langflow | 4.3 |
| MEDIUM | CVE-2026-6599 | Langflow: MCP config injection via X-Forwarded-For header | langflow | 6.3 |
| LOW | CVE-2026-6600 | Langflow: stored XSS in chat message editor | langflow | 3.5 |
| MEDIUM | CVE-2026-6608 | FastChat: control flow flaw corrupts arena comparison | fschat | 5.3 |
| MEDIUM | CVE-2026-39378 | nbconvert: path traversal exfiltrates files via HTML export | nbconvert | 6.5 |
| MEDIUM | CVE-2026-39377 | nbconvert: path traversal enables arbitrary file write | nbconvert | 6.5 |
| CRITICAL | CVE-2026-41264 | Flowise: prompt injection → unsandboxed RCE via CSV Agent | flowise-components | 9.8 |
| HIGH | CVE-2026-41279 | Flowise: unauth API key abuse via TTS endpoint IDOR | flowise | 7.5 |
| CRITICAL | CVE-2026-41265 | Flowise: RCE via prompt injection in Airtable Agent | flowise | 9.8 |
| HIGH | CVE-2026-41137 | Flowise: RCE via CSVAgent unsanitized code injection | flowise | 8.8 |
| HIGH | CVE-2026-41138 | Flowise: RCE via unsanitized input in AirtableAgent | flowise | 8.8 |
| HIGH | CVE-2026-41266 | Flowise: unauthenticated API key exposure via chatbot config | flowise | 7.5 |
| CRITICAL | CVE-2026-41267 | Flowise: mass assignment auth bypass in registration | flowise | 9.8 |
| CRITICAL | CVE-2026-41268 | Flowise: unauthenticated RCE via NODE_OPTIONS env injection | flowise | 9.8 |