Social Engineering
Generative AI lowers the cost of social engineering by orders of magnitude. Spear-phishing emails that previously required a fluent writer and target research are now produced in seconds with reasonable per-target personalisation. Voice cloning (ElevenLabs, OpenVoice, and others) enables real-time impersonation of executives and family members; multiple confirmed business-email-compromise and CFO-fraud incidents in 2023-2024 used cloned voices. Deepfake video is good enough for short verification clips and live calls under poor video conditions. Beyond direct attacks, AI-generated content fuels disinformation campaigns, fake review economies, and pig-butchering scams at unprecedented scale. AI Threat Alert tracks this category through CVEs in voice/face-recognition systems that fail to detect synthetic media, plus incidents in AIID (the AI Incident Database). Defenses: out-of-band verification for sensitive actions, deepfake detection layered with provenance signals (C2PA), and user education that assumes any voice or video can be faked.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2024-7044 | Open WebUI: Stored XSS via file upload, session hijack | open-webui | 6.8 |
| HIGH | CVE-2025-23205 | nbgrader: Clickjacking exposes formgrader via IFrame | - | - |
| MEDIUM | CVE-2024-6581 | Lollms: SVG upload XSS enables session hijack and RCE | lollms | 6.5 |
| MEDIUM | CVE-2026-33720 | n8n: OAuth state forgery hijacks user credentials | n8n | 4.2 |
| MEDIUM | GHSA-364x-8g5j-x2pr | n8n: stored XSS via malicious OAuth2 Authorization URL | n8n | 5.4 |
| MEDIUM | GHSA-w673-8fjw-457c | n8n: stored XSS enables phishing via Form Node | n8n | 4.1 |
| MEDIUM | GHSA-q4fm-pjq6-m63g | n8n: Stored XSS in Form Trigger enables phishing | n8n | 5.4 |
| MEDIUM | CVE-2026-33709 | JupyterHub: open redirect enables post-login phishing | jupyterhub | - |
| MEDIUM | CVE-2026-35651 | OpenClaw: ANSI injection spoofs AI agent approval prompts | openclaw | 4.3 |
| UNKNOWN | CVE-2026-42230 | n8n: MCP OAuth open redirect enables phishing | n8n | - |
| MEDIUM | CVE-2025-61669 | jupyter-server: Open redirect enables credential phishing | jupyter-server | - |
| MEDIUM | CVE-2026-42045 | LobeChat: XSS-to-RCE via exposed Electron IPC | @lobehub/lobehub | 6.2 |
| HIGH | CVE-2026-42557 | JupyterLab: one-click RCE via notebook HTML cell output | notebook | - |
| MEDIUM | CVE-2026-44550 | open-webui: mass assignment enables cross-user folder injection | open-webui | 5.0 |
| MEDIUM | CVE-2026-44568 | open-webui: XSS in pending overlay enables session hijack | open-webui | 4.8 |
| MEDIUM | CVE-2026-44899 | mistune: CSS injection enables phishing UI overlay | mistune | 4.7 |
| HIGH | CVE-2026-45303 | Open WebUI: XSS iframe allows auth token exfiltration | open-webui | 7.7 |
| HIGH | CVE-2026-45665 | open-webui: Stored XSS enables Super Admin session hijack | open-webui | 8.1 |