Framework
AI/ML frameworks sit at the bottom of every AI stack — virtually every production AI system depends transitively on PyTorch or TensorFlow at the training layer, and on LangChain, LlamaIndex, or a similar orchestrator at the application layer. That concentration means a single vulnerability often affects tens of thousands of downstream services. The CVE patterns are recognisable: unsafe deserialization in model loading (the long tail of pickle), template injection in LangChain's prompt-construction utilities, SSRF in LlamaIndex's data-loader connectors, and path traversal in MLflow's experiment storage. PyTorch itself has shipped several high-severity CVEs around its distributed RPC layer. Because these libraries upgrade frequently and downstream applications pin loosely, patching is a real operational problem. AI Threat Alert tracks framework-level CVEs prominently because a single advisory often means urgent work for hundreds of teams.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| LOW | CVE-2026-32058 | OpenClaw: approval bypass enables unauthorized agent execution | OpenClaw | 2.6 |
| HIGH | CVE-2026-32051 | OpenClaw: auth bypass lets operators invoke owner control-plane | OpenClaw | 8.8 |
| HIGH | CVE-2026-32056 | OpenClaw: RCE via shell env var injection in system.run | OpenClaw | 7.5 |
| HIGH | CVE-2026-32057 | OpenClaw: auth bypass grants unauthorized agent control access | OpenClaw | 7.1 |
| MEDIUM | CVE-2026-32061 | OpenClaw: $include path traversal exposes secrets | openclaw | 4.4 |
| MEDIUM | CVE-2026-32065 | OpenClaw: approval bypass enables unauthorized command exec | OpenClaw | 4.8 |
| HIGH | CVE-2026-32914 | OpenClaw: access control bypass in config/debug handlers | OpenClaw | 8.8 |
| CRITICAL | CVE-2026-32913 | OpenClaw: auth header leak via cross-origin redirect | OpenClaw | 9.3 |
| MEDIUM | CVE-2026-32898 | OpenClaw: ACP bypass enables silent tool execution | OpenClaw | 5.4 |
| HIGH | CVE-2026-32915 | OpenClaw: sandbox bypass enables sibling agent hijack | OpenClaw | 8.8 |
| MEDIUM | CVE-2026-32919 | OpenClaw: auth bypass enables unauthorized session reset | OpenClaw | 6.1 |
| HIGH | CVE-2026-32918 | OpenClaw: session sandbox escape exposes cross-agent state | OpenClaw | 8.4 |
| HIGH | CVE-2026-33572 | OpenClaw: insecure transcript files expose agent secrets | OpenClaw | 8.4 |
| CRITICAL | CVE-2026-32987 | OpenClaw: bootstrap code replay escalates to operator.admin | OpenClaw | 9.8 |
| HIGH | CVE-2026-32988 | OpenClaw: sandbox escape via fs-bridge TOCTOU race | OpenClaw | 7.5 |
| MEDIUM | CVE-2026-32977 | OpenClaw: TOCTOU race condition enables sandbox file escape | OpenClaw | 6.3 |
| HIGH | CVE-2026-33573 | OpenClaw: workspace boundary bypass, arbitrary exec | OpenClaw | 8.8 |
| HIGH | CVE-2026-33577 | OpenClaw: scope bypass lets low-priv ops elevate node access | OpenClaw | 8.1 |
| MEDIUM | CVE-2026-33581 | OpenClaw: sandbox bypass enables arbitrary file read | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-35618 | OpenClaw: Plivo V2 replay bypass allows unauth actions | OpenClaw | 6.5 |