Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-48519 | Langflow: unauthenticated RCE via Shareable Playground | langflow | 9.6 |
| MEDIUM | CVE-2026-42867 | Langflow: path traversal enables arbitrary file write | langflow | 6.5 |
| HIGH | CVE-2026-33760 | Langflow: IDOR exposes cross-user LLM data and deletion | langflow | 8.8 |
| UNKNOWN | CVE-2026-54311 | n8n: prototype pollution leaks cross-user workflow data | n8n | - |
| MEDIUM | CVE-2026-54306 | n8n: webhook prototype pollution enables confused deputy | n8n | - |
| HIGH | CVE-2026-54301 | n8n: XSS via CSP bypass steals user sessions | n8n | - |
| MEDIUM | CVE-2026-54308 | n8n: unauthed webhook bypass hijacks AI agent workflows | n8n | - |
| HIGH | GHSA-hv7x-3x78-gx53 | n8n: auth bypass lets read-only users execute workflows | n8n | 7.4 |
| UNKNOWN | CVE-2026-49444 | n8n: Python sandbox escape enables container RCE | n8n | - |
| MEDIUM | CVE-2026-53844 | OpenClaw: auth bypass exposes cross-session agent memory | openclaw | 6.5 |
| MEDIUM | CVE-2026-53845 | OpenClaw: hook bypass enables audit/policy evasion | openclaw | 4.3 |
| HIGH | CVE-2026-53846 | OpenClaw: path traversal enables arbitrary package-manager exec | openclaw | 7.1 |
| MEDIUM | CVE-2026-53848 | OpenClaw: exec allowlist bypass via command wrappers | openclaw | 4.3 |
| MEDIUM | CVE-2026-53850 | OpenClaw: auth bypass allows unauthorized focus state change | openclaw | 5.5 |
| HIGH | CVE-2026-53853 | OpenClaw: exec allowlist bypass enables unrestricted RCE | openclaw | 8.3 |
| MEDIUM | CVE-2026-53854 | OpenClaw: privilege escalation via channel auth wildcard | openclaw | 6.5 |
| HIGH | CVE-2026-53857 | OpenClaw: display name spoofing bypasses agent allowFrom policy | openclaw | 8.1 |
| HIGH | CVE-2026-53858 | OpenClaw: env var injection loads malicious runtime deps | openclaw | 7.1 |
| HIGH | CVE-2026-53864 | OpenClaw: env var bypass enables child process code exec | openclaw | 8.1 |
| HIGH | CVE-2026-53865 | OpenClaw: path traversal enables arbitrary local code exec | openclaw | 7.1 |