Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-47410 | praisonai-platform: hardcoded JWT → full account takeover | praisonai-platform | 9.8 |
| HIGH | CVE-2026-47405 | PraisonAI Platform: member self-promotes to workspace owner | praisonai-platform | 8.8 |
| HIGH | CVE-2026-47399 | praisonai-platform: IDOR breaks workspace tenant isolation | praisonai-platform | 8.8 |
| CRITICAL | CVE-2026-47407 | praisonai-platform: IDOR enables cross-tenant agent hijack | praisonai-platform | - |
| HIGH | CVE-2026-48169 | praisonai-platform: IDOR allows full workspace takeover | praisonai-platform | 8.8 |
| CRITICAL | CVE-2026-47391 | PraisonAI: Unauth RCE via A2A eval injection | PraisonAI | 9.8 |
| HIGH | CVE-2026-47394 | PraisonAI: MCP path traversal exfiltrates host credentials | PraisonAI | - |
| CRITICAL | CVE-2026-47392 | praisonaiagents: RCE via Python sandbox bypass | PraisonAI | 9.9 |
| MEDIUM | CVE-2026-47395 | PraisonAI: SSRF via @url mention exposes localhost services | PraisonAI | 5.5 |
| CRITICAL | CVE-2026-47393 | PraisonAI: auth bypass in deployed API exposes LLM + tools | PraisonAI | 9.8 |
| CRITICAL | CVE-2026-47396 | PraisonAI: fail-open auth exposes remote agent control API | PraisonAI | 9.8 |
| HIGH | CVE-2026-47398 | PraisonAI: RCE via ungated exec_module in agent config | PraisonAI | 8.1 |
| HIGH | CVE-2026-47412 | praisonai-platform: member can wipe entire workspace | praisonai-platform | 8.1 |
| HIGH | CVE-2026-47415 | praisonai-platform: IDOR exposes cross-workspace tenant data | praisonai-platform | 8.3 |
| CRITICAL | CVE-2026-47413 | praisonai-platform: member can escalate to workspace owner | praisonai-platform | 9.6 |
| HIGH | CVE-2026-47417 | praisonai-platform: IDOR enables cross-tenant comment exfil | praisonai-platform | 8.1 |
| HIGH | CVE-2026-47418 | praisonai-platform: IDOR exposes cross-workspace projects | praisonai-platform | 8.1 |
| HIGH | CVE-2026-38950 | AnomalyMatch: RCE via torch.load() unsafe deserialization | 7.8 | |
| CRITICAL | CVE-2026-9319 | IBM WebSphere: RCE via JAX-WS deserialization (CVSS 9.0) | 9.0 | |
| HIGH | CVE-2026-43624 | F5-TTS: path traversal enables arbitrary file write | 8.2 |