Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-7787 | Langflow: IDOR bypasses auth, exposes sensitive AI configs | langflow | 8.1 |
| HIGH | CVE-2026-53807 | OpenClaw: auth bypass allows unauthorized command execution | OpenClaw | 8.8 |
| HIGH | CVE-2026-53806 | OpenClaw: shell flag bypass enables RCE in agent exec | openclaw | 8.8 |
| HIGH | CVE-2026-53813 | OpenClaw: path traversal enables RCE via memory-core artifacts | openclaw | 7.8 |
| HIGH | CVE-2026-53816 | OpenClaw: node event forgery bypasses exec authorization | openclaw | 7.2 |
| MEDIUM | CVE-2026-53815 | OpenClaw: auth bypass exposes restricted channel messages | openclaw | 6.5 |
| MEDIUM | CVE-2026-53818 | OpenClaw: MCP loopback auth bypass enables policy evasion | openclaw | 6.6 |
| CRITICAL | CVE-2024-13152 | Mobuy Panel: SQLi allows unauthenticated DB takeover | Mobuy Online Machinery Monitoring Panel | 10.0 |
| CRITICAL | CVE-2024-13147 | B2B Login Panel: SQLi enables unauthenticated DB access | B2B Login Panel | 9.8 |
| MEDIUM | CVE-2024-11831 | serialize-javascript: XSS via regex in AI/ML dashboards | odh-kf-notebook-controller-rhel8 | 5.4 |
| MEDIUM | CVE-2019-6576 | SIMATIC WinCC: TLS key disclosure enables traffic decryption | SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) | 6.5 |
| CRITICAL | CVE-2024-6877 | Panel: Reflected XSS enables session hijack in ML UI | Panel | - |
| CRITICAL | CVE-2024-6878 | Panel: file exposure enables sensitive ML data collection | Panel | - |
| CRITICAL | CVE-2024-5959 | Panel: Stored XSS enables session hijack in ML dashboards | Panel | - |
| CRITICAL | CVE-2024-5960 | Panel: plaintext credential storage enables domain compromise | Panel | 9.8 |
| CRITICAL | CVE-2024-5958 | Panel: SQL injection enables OS command execution | Panel | - |
| CRITICAL | CVE-2025-14014 | Smart Panel: unauthenticated file upload enables RCE | Smart Panel | 9.8 |
| MEDIUM | CVE-2025-7013 | Menu Panel: IDOR auth bypass exposes confidential data | Menu Panel | 5.7 |
| MEDIUM | CVE-2025-7014 | Menu Panel: session fixation enables session hijacking | Menu Panel | 5.7 |
| HIGH | CVE-2026-4111 | libarchive: infinite loop DoS in RAR5 decompression | rhaiis/vllm-cuda-rhel9 | 7.5 |