AI CVEs
- GitHub Advisory — Copilot CLI shell expansion RCE (CVE-2026-29783) — 2026-03-07
- GitLab Advisory — mcp-memory-service info disclosure (CVE-2026-29787) — 2026-03-07
- GitHub Advisory — Agentgateway MCP→OpenAPI parameter injection (CVE-2026-29791) — 2026-03-06
- Arctic Wolf — mcp-atlassian unauth RCE/SSRF (CVE-2026-27825/27826) — 2026-03-05
- GitLab Advisory — mcp-nmap-server command injection (CVE-2026-3484) — 2026-03-05
- CERT/CC — MS-Agent shell tool command injection (CVE-2026-2256) — 2026-03-05
- GitHub Advisory — Langflow CSV Agent RCE (CVE-2026-27966) — 2026-03-04
- NVD — MCP TypeScript SDK cross-client data leak (CVE-2026-25536) — 2026-03-03
- GitLab Advisory — MCPJam Inspector RCE (CVE-2026-23744) — 2026-03-03
- ServiceNow — AI Platform RCE (CVE-2026-0542) — 2026-03-02
- GitHub Advisory — vLLM trust_remote_code bypass RCE — 2026-03-02
- GitLab Advisory — MCP Go SDK case-folding bug (CVE-2026-27896) — 2026-03-01
- GitLab Advisory — mcp-server-git path traversal (CVE-2026-27735) — 2026-03-01
- Endor Labs — Six OpenClaw vulnerabilities via AI SAST — 2026-02-28
- GitHub Advisory — Cursor Agent MCP special-files prompt injection (CVE-2025-54135) — 2026-02-24
- GitHub Advisory — fermat-mcp eqn_chart code injection (CVE-2026-2008) — 2026-02-24
- GitHub Advisory — GitHub Kanban MCP Server command injection (CVE-2025-53818) — 2026-02-24
- GitHub Advisory — sf-mcp-server command injection RCE (CVE-2026-26029) — 2026-02-24
- GitLab Advisory — ebay-mcp env var injection (CVE-2026-27203) — 2026-02-21
- ZDI Advisory — gemini-mcp-tool command injection (CVE-2026-0755) — 2026-02-18
- GitHub Advisory — vLLM trust_remote_code bypass RCE — 2026-02-17
- GitHub Advisory — vLLM Completions API RCE (CVE-2025-62164) — 2026-02-16
- NVD — Cloudflare Agents SDK OAuth callback XSS (CVE-2026-1721) — 2026-02-15
- GitHub Advisory — godot-mcp command injection RCE (CVE-2026-25546) — 2026-02-08
- n8n — CVE-2026-25049: New Sandbox Escape Bypass Enables Full Server Takeover — 2026-02-06
- Zafran — ChainLeak: Chainlit AI Framework Bugs Enable Cloud Takeover — 2026-02-05
- GitHub Advisory — vLLM RCE in Video Processing (CVE-2026-22778) — 2026-02-04
- ZDI — Unpatched RCE in Gemini MCP Tool via command injection (CVE-2026-0755) — 2026-02-03
- OX Security — Critical vLLM RCE via malicious video URL (CVE-2026-22778) — 2026-02-03
- AISLE — AI Discovers 12 OpenSSL Zero-Days Including a 27-Year-Old Bug — 2026-02-01
- INCIBE-CERT — github-kanban-mcp-server command injection (CVE-2026-0756) — 2026-01-31
- Microsoft Security Blog — LangChain Core serialization injection (CVE-2025-68664) — 2026-01-31
- Obsidian Security — Langflow account takeover + RCE chain (CVE-2025-34291) — 2026-01-31
- GitHub Advisory — vLLM DoS via 1×1 image (CVE-2026-22773) — 2026-01-31
- GitHub Advisory — vLLM multimodal SSRF (CVE-2026-24779) — 2026-01-31
- Cyata — Prompt-injection reachable CVEs in Anthropic’s official Git MCP server — 2026-01-30
- Fortinet — FortiCloud SSO auth bypass exploited in the wild (CVE-2026-24858) — 2026-01-30
- Kyverno (CVE-2026-22039) — Namespaced Policy apiCall can cross namespace boundaries — 2026-01-30
- NVD — MCP TypeScript SDK UriTemplate ReDoS (CVE-2026-0621) — 2026-01-30
- Microsoft — CVE-2026-21509 (Office) emergency out-of-band fix — 2026-01-30
- GitHub Advisory — Orval MCP generation code injection risk (CVE-2026-22785) — 2026-01-30
- GitHub Advisory — vLLM model-load RCE risk via auto_map (CVE-2026-22807) — 2026-01-30
- GitHub/NVD: vm2 sandbox escape (CVE-2026-22709) enables host code execution — 2026-01-30
- AI-related CVEs: a practical tracker and triage workflow — 2026-01-29