ATLAS Landscape
AML.T0112
Machine Compromise
Adversaries may compromise a machine by exploiting or manipulating AI-enabled components on the system. Compromising a victim system allows the adversary to execute arbitrary code, steal credentials, exfiltrate data, and persist on the system. Adversaries may target a [Local AI Agent](/techniques/AML.T0112.000), which, if compromised, grants them the capabilities and permissions of the agent, or [AI Artifacts](/techniques/AML.T0112.001), which can contain embedded malware.
6 CVEs mapped
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-30741 | OpenClaw: RCE via request-side prompt injection | openclaw | 9.8 |
| HIGH | CVE-2026-42079 | PPTAgent: eval injection enables RCE via LLM prompt injection | | 8.6 |
| MEDIUM | CVE-2026-7669 | SGLang: deserialization in tokenizer loader enables RCE | sglang | 5.6 |
| UNKNOWN | CVE-2026-42231 | n8n: prototype pollution → RCE via Git node SSH | n8n | — |
| UNKNOWN | CVE-2026-42249 | Ollama: path traversal + unsigned update = silent RCE | ollama | — |
| UNKNOWN | CVE-2026-42248 | Ollama: silent auto-update bypasses signature check on Windows | ollama | — |