ATLAS Landscape
AML.T0034.000
Excessive Queries
Adversaries may send an excessive number of otherwise normal or low-complexity queries to an AI system with the goal of overwhelming its capacity and increasing operating costs. The attacker can automate high-volume request generation, exploiting rate limits, autoscaling policies, and pay-per-use billing models to drive sustained resource consumption without relying on specially crafted, computationally expensive inputs. This behavior can also lead to increased latency, request queuing, and service degradation or unavailability for legitimate users, as the system struggles to process the inflated traffic.
8 CVEs mapped
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-40116 | PraisonAI: unauth WebSocket drains OpenAI API credits | praisonai | 7.5 |
| HIGH | CVE-2026-41279 | Flowise: unauth API key abuse via TTS endpoint IDOR | flowise | 7.5 |
| MEDIUM | CVE-2026-44563 | open-webui: auth bypass exposes restricted LLM models | open-webui | 5.4 |
| MEDIUM | CVE-2026-6393 | BetterDocs: Auth bypass drains OpenAI API quota | — | 4.3 |
| MEDIUM | CVE-2026-35640 | openclaw: unauthenticated webhook parsing enables DoS | openclaw | — |
| MEDIUM | GHSA-h43v-27wg-5mf9 | OpenClaw: pre-auth signature bypass enables pairing DoS | openclaw | — |
| LOW | GHSA-25wv-8phj-8p7r | OpenClaw: auth rate-limit bypass via async race condition | openclaw | — |
| MEDIUM | GHSA-wwfp-w96m-c6x8 | OpenClaw: pairing DoS blocks account onboarding | openclaw | — |