AI Threat Alert
ATLAS Landscape
AML.T0021
Establish Accounts
Adversaries may create accounts with various services for use in targeting, to gain access to resources needed in [AI Attack Staging](/tactics/AML.TA0001), or for victim impersonation.
13 CVEs mapped
View on MITRE ATLAS →
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-41267 | Flowise: mass assignment auth bypass in registration | flowise | 9.8 |
| CRITICAL | CVE-2023-6014 | MLflow: auth bypass allows arbitrary account creation | mlflow | 9.8 |
| HIGH | CVE-2026-24780 | agpt: Code Injection enables RCE | 8.8 | |
| HIGH | CVE-2025-66448 | vllm: Code Injection enables RCE | vllm | 8.8 |
| HIGH | CVE-2026-33175 | oauthenticator: auth bypass enables JupyterHub account takeover | 8.8 | |
| HIGH | CVE-2026-44513 | diffusers: trust_remote_code bypass enables silent RCE | diffusers | 8.8 |
| HIGH | GHSA-48m6-ch88-55mj | Flowise: Mass Assignment allows cross-tenant org takeover | flowise | 8.1 |
| HIGH | CVE-2024-7036 | open-webui: unauthenticated DoS disables Admin panel | open-webui | 7.5 |
| HIGH | CVE-2026-44567 | Open WebUI: auth bypass gives pending users full LLM access | open-webui | 7.3 |
| HIGH | CVE-2025-1473 | MLflow: CSRF in signup allows rogue account creation | mlflow | 7.1 |
| MEDIUM | CVE-2022-36551 | Label Studio: SSRF + file read, self-reg bypass | label-studio | 6.5 |
| MEDIUM | CVE-2025-1474 | MLflow: passwordless accounts enable persistent backdoor | mlflow | 5.5 |
| UNKNOWN | CVE-2026-42235 | n8n: stored XSS via MCP OAuth steals agent sessions | n8n | — |