AI Component

Inference

Inference servers are the most actively-exploited component of the AI stack because they sit between the model and the public internet and they hold the GPU. The shape of the bugs is mostly web-app classes magnified by the cost of compute: missing auth on /v1 endpoints, SSRF that escapes the sandbox onto the platform's control plane, unsafe deserialization on model-loading paths, and path traversal in artifact-management endpoints. vLLM, Triton, TGI, BentoML, Ray Serve, and Ollama have each shipped multiple high-severity CVEs since 2023; CVE-2024-11041 in vLLM was a notable example combining prompt injection with code execution. Multi-tenant deployments are particularly exposed because a single bug typically crosses tenant boundaries. Defenses: aggressive patching, mandatory auth, network segmentation between inference and control plane, and per-tenant resource quotas to bound abuse.

699
Total CVEs
35
Pages
Page 32 of 35
Current
Severity CVE CVSS
MEDIUM CVE-2026-50634 6.5
CRITICAL CVE-2026-48746 9.1
HIGH CVE-2026-41523 7.5
MEDIUM CVE-2026-47748 5.5
HIGH CVE-2026-47749 7.8
CRITICAL CVE-2026-49468 8.1
HIGH CVE-2026-47750 7.8
HIGH CVE-2026-47747 7.8
CRITICAL CVE-2026-46858 9.1
MEDIUM CVE-2026-12491 4.8
MEDIUM CVE-2026-54014 4.3
HIGH CVE-2026-54008 8.5
MEDIUM CVE-2026-54233 6.5
MEDIUM CVE-2026-54236 5.3
UNKNOWN CVE-2026-53923 -
MEDIUM GHSA-8jr5-v98p-w75m 4.8
UNKNOWN CVE-2026-54235 -
CRITICAL CVE-2026-35304 9.8
CRITICAL CVE-2026-35306 9.3
CRITICAL CVE-2026-35307 10.0

Page 32 of 35