Social Engineering
Generative AI lowers the cost of social engineering by orders of magnitude. Spear-phishing emails that previously required a fluent writer and target research are now produced in seconds with reasonable per-target personalisation. Voice cloning (ElevenLabs, OpenVoice, and others) enables real-time impersonation of executives and family members; multiple confirmed business-email-compromise and CFO-fraud incidents in 2023-2024 used cloned voices. Deepfake video is good enough for short verification clips and live calls under poor video conditions. Beyond direct attacks, AI-generated content fuels disinformation campaigns, fake review economies, and pig-butchering scams at unprecedented scale. AI Threat Alert tracks this category through CVEs in voice/face-recognition systems that fail to detect synthetic media, plus incidents in AIID (the AI Incident Database). Defenses: out-of-band verification for sensitive actions, deepfake detection layered with provenance signals (C2PA), and user education that assumes any voice or video can be faked.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-27495 | n8n: Code Injection enables RCE | n8n | 9.9 |
| CRITICAL | CVE-2026-27577 | n8n: Code Injection enables RCE | n8n | 9.9 |
| MEDIUM | CVE-2025-58177 | n8n: stored XSS in LangChain chat trigger (public) | n8n | 5.4 |
| MEDIUM | CVE-2025-7021 | OpenAI Operator: fullscreen spoofing captures credentials | operator | 6.5 |
| MEDIUM | CVE-2021-28796 | Qiita::Markdown: XSS in transformer components | - | 6.1 |
| LOW | CVE-2025-3777 | Transformers: URL validation bypass exposes image pipeline | transformers | 3.5 |
| MEDIUM | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | gradio | 6.1 |
| MEDIUM | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | gradio | 6.1 |
| MEDIUM | CVE-2026-26320 | OpenClaw: UI deception enables arbitrary command execution | openclaw | 6.5 |
| MEDIUM | CVE-2024-37146 | Flowise: reflected XSS enables credential theft | flowise | 6.1 |
| HIGH | CVE-2026-26286 | sillytavern: SSRF allows internal network access | - | 8.5 |
| MEDIUM | CVE-2025-49592 | n8n: open redirect enables phishing via login flow | n8n | 5.4 |
| HIGH | CVE-2026-21893 | n8n: Input Validation flaw enables exploitation | n8n | 7.2 |
| MEDIUM | CVE-2026-25631 | n8n: Input Validation flaw enables exploitation | n8n | 6.5 |
| CRITICAL | CVE-2025-62593 | ray: Code Injection enables RCE | ray | - |
| HIGH | CVE-2025-64496 | open-webui: Code Injection enables RCE | open-webui | 7.3 |
| LOW | CVE-2025-50736 | pdf2zh: security flaw enables exploitation | pdf2zh | - |
| LOW | CVE-2025-59842 | JupyterLab: missing noopener enables reverse tabnabbing | jupyterlab | - |
| HIGH | CVE-2025-47783 | Label Studio: XSS enables unauthorized actions via CSRF | label-studio | - |
| MEDIUM | GHSA-564p-rx2q-4c8v | BentoML: open redirect exposes ML teams to phishing | bentoml | 6.1 |