Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-27183 | OpenClaw: shell allowlist bypass via dispatch wrapper depth | OpenClaw | 5.3 |
| MEDIUM | CVE-2026-27524 | OpenClaw: prototype pollution bypasses command gate | OpenClaw | 4.3 |
| MEDIUM | CVE-2026-27523 | OpenClaw: sandbox path traversal bypasses bind isolation | OpenClaw | 6.1 |
| MEDIUM | CVE-2026-27670 | OpenClaw: TOCTOU race enables arbitrary file write in agents | OpenClaw | 5.3 |
| HIGH | CVE-2026-31992 | OpenClaw: guardrail allowlist bypass enables arbitrary command execution | OpenClaw | 7.1 |
| MEDIUM | CVE-2026-31999 | OpenClaw: CWD injection enables integrity loss on Windows | OpenClaw | 6.3 |
| MEDIUM | CVE-2026-32005 | OpenClaw: auth bypass enables AI agent session poisoning | OpenClaw | 6.8 |
| HIGH | CVE-2026-32015 | OpenClaw: PATH hijack bypasses exec allowlist controls | OpenClaw | 7.8 |
| HIGH | CVE-2026-32013 | OpenClaw: symlink traversal enables host file read/write | OpenClaw | 8.8 |
| MEDIUM | CVE-2026-32010 | OpenClaw: safeBins bypass enables arbitrary code execution | OpenClaw | 6.3 |
| MEDIUM | CVE-2026-32009 | OpenClaw: binary hijacking via safeBins path bypass | OpenClaw | 5.7 |
| HIGH | CVE-2026-32014 | OpenClaw: metadata spoofing bypasses agent command policies | OpenClaw | 8.0 |
| LOW | CVE-2026-32018 | OpenClaw: race condition corrupts sandbox registry state | OpenClaw | 3.6 |
| HIGH | CVE-2026-32025 | OpenClaw: WebSocket auth bypass enables agent hijack | OpenClaw | 7.5 |
| HIGH | CVE-2026-32023 | OpenClaw: approval gating bypass enables shell execution | OpenClaw | 7.1 |
| MEDIUM | CVE-2026-32027 | OpenClaw: authorization bypass in group sender allowlist | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32029 | OpenClaw: IP spoofing bypasses rate-limiting controls | OpenClaw | 5.3 |
| CRITICAL | CVE-2026-32038 | OpenClaw: sandbox bypass enables container lateral movement | OpenClaw | 9.8 |
| HIGH | CVE-2026-32048 | OpenClaw: sandbox escape via cross-agent spawn bypass | OpenClaw | 7.5 |
| HIGH | CVE-2026-32055 | OpenClaw: path traversal enables arbitrary file write | OpenClaw | 7.6 |