AI Threat Alert
Phishing
Adversaries may send phishing messages to gain access to victim systems. All forms of phishing are electronically delivered social engineering. Phishing can be targeted, known as spearphishing. In spearphishing, a specific individual, company, or industry will be targeted by the adversary. More generally, adversaries can conduct non-targeted phishing, such as in mass malware spam campaigns. Generative AI, including LLMs that generate synthetic text, visual deepfakes of faces, and audio deepfakes of speech (See [Generate Deepfakes](/techniques/AML.T0088)), is enabling adversaries to scale targeted phishing campaigns (See [Spearphishing via Social Engineering LLM](/techniques/AML.T0052.000)). LLMs can interact with users via text conversations and can be programmed with a system prompt to phish for sensitive information. Deepfakes can also be used in [Impersonation](/techniques/AML.T0073) as an aid to phishing.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-25750 | langsmith: security flaw enables exploitation | langsmith | 8.1 |
| MEDIUM | GHSA-564p-rx2q-4c8v | BentoML: open redirect exposes ML teams to phishing | bentoml | 6.1 |
| MEDIUM | CVE-2024-8021 | Gradio: open redirect exposes AI demo users to phishing | gradio | 6.1 |
| MEDIUM | CVE-2024-4940 | Gradio: open redirect enables phishing against ML users | gradio | 6.1 |
| MEDIUM | CVE-2025-58177 | n8n: stored XSS in LangChain chat trigger (public) | n8n | 5.4 |
| MEDIUM | CVE-2025-49592 | n8n: open redirect enables phishing via login flow | n8n | 5.4 |
| MEDIUM | GHSA-q4fm-pjq6-m63g | n8n: Stored XSS in Form Trigger enables phishing | n8n | 5.4 |
| MEDIUM | CVE-2026-28415 | gradio: Info Disclosure leaks sensitive data | gradio | 4.7 |
| MEDIUM | GHSA-w673-8fjw-457c | n8n: stored XSS enables phishing via Form Node | n8n | 4.1 |
| UNKNOWN | CVE-2026-42230 | n8n: MCP OAuth open redirect enables phishing | n8n | — |
| MEDIUM | CVE-2025-61669 | jupyter-server: Open redirect enables credential phishing | jupyter-server | — |
| MEDIUM | CVE-2026-33709 | JupyterHub: open redirect enables post-login phishing | — | |
| MEDIUM | CVE-2026-23528 | — | ||
| LOW | CVE-2025-50736 | pdf2zh: security flaw enables exploitation | — |