AI Component

Inference

Inference servers are the most actively-exploited component of the AI stack because they sit between the model and the public internet and they hold the GPU. The shape of the bugs is mostly web-app classes magnified by the cost of compute: missing auth on /v1 endpoints, SSRF that escapes the sandbox onto the platform's control plane, unsafe deserialization on model-loading paths, and path traversal in artifact-management endpoints. vLLM, Triton, TGI, BentoML, Ray Serve, and Ollama have each shipped multiple high-severity CVEs since 2023; CVE-2024-11041 in vLLM was a notable example combining prompt injection with code execution. Multi-tenant deployments are particularly exposed because a single bug typically crosses tenant boundaries. Defenses: aggressive patching, mandatory auth, network segmentation between inference and control plane, and per-tenant resource quotas to bound abuse.

698
Total CVEs
35
Pages
Page 27 of 35
Current
Severity CVE CVSS
MEDIUM GHSA-68f8-9mhj-h2mp -
CRITICAL CVE-2026-0596 9.6
HIGH CVE-2026-34445 8.6
HIGH CVE-2026-34760 7.1
MEDIUM GHSA-9q7v-8mr7-g23p -
MEDIUM CVE-2026-34756 6.5
CRITICAL CVE-2026-35030 9.1
HIGH CVE-2026-35029 8.8
MEDIUM CVE-2026-34755 6.5
MEDIUM CVE-2026-34753 5.4
MEDIUM CVE-2026-5530 6.3
HIGH CVE-2026-34940 8.8
HIGH CVE-2026-35485 7.5
HIGH GHSA-69x8-hrgq-fjj8 -
MEDIUM CVE-2026-39411 5.0
HIGH CVE-2026-40217 8.8
MEDIUM CVE-2026-40086 5.3
CRITICAL GHSA-r75f-5x8p-qvmc -
HIGH GHSA-xqmj-j6mv-4862 -
HIGH GHSA-v4p8-mg3p-g94g -

Page 27 of 35