Security / AI CVEs / Research

Anthropic MCP Design Flaw Enables RCE Across the AI Ecosystem — 2026-04-22
Apache ActiveMQ CVE-2026-34197 — Claude Discovers 13-Year-Old RCE in 10 Minutes — 2026-04-22
MCPwn: Actively Exploited nginx-ui Auth Bypass (CVE-2026-33032) — 2026-04-22
CERT — CVE-2026-5752 Terrarium Sandbox Escape via Pyodide Prototype Chain Traversal — 2026-04-22
LMDeploy CVE-2026-33626 — SSRF in LLM Serving Toolkit Vision Module — 2026-04-21
SGLang CVE-2026-5760 — RCE via Malicious GGUF Model Files — 2026-04-20
vLLM Patches protobuf.js Remote Code Execution — 2026-04-19
FastGPT NoSQL Injection Auth Bypass (CVE-2026-40351/40352) — 2026-04-18
mcp-neo4j-cypher Read-Only Mode Bypass via Stored Procedures (CVE-2026-35402) — 2026-04-18
OpenClaw — CVE-2026-33579 Privilege Escalation via Missing Scope Validation in Device Pairing — 2026-04-16
GitHub Advisories — MCP Security Vulnerabilities Cluster (CVE-2026-40159, CVE-2026-39885) — 2026-04-12 12:30
LiteLLM — Critical bytecode rewriting RCE (CVE-2026-40217) — 2026-04-11
lollms — Critical stored XSS in social features (CVE-2026-1115) — 2026-04-11
badlogic — pi-mono code injection CVE-2026-5556 exposes AI coding agents — 2026-04-01
griptape — Path traversal CVE-2026-5595 affects AI agent file operations — 2026-04-01
OpenClaw — Critical privilege escalation vulnerability CVE-2026-33579 — 2026-04-01
TheHackerWire — MLflow RCE via model artifact command injection (CVE-2025-15379) — 2026-03-31
BSI Advisory — vLLM Hardcoded trust_remote_code Bypasses User Security (CVE-2026-27893) — 2026-03-30
Azure Data Explorer MCP Server — KQL injection allows arbitrary query execution (CVE-2026-33980) — 2026-03-29
GitHub Advisory — Langflow public flow build RCE (CVE-2026-33017) — 2026-03-21
GitHub Advisory — MCP Go SDK Cross-Site Tool Execution (CVE-2026-33252) — 2026-03-21
Spring AI — FilterExpressionConverter Injection Flaws (CVE-2026-22729, CVE-2026-22730) — 2026-03-20
AWS — API MCP File Access Restriction Bypass (CVE-2026-4270) — 2026-03-19
Miggo Security — LangSmith Account Takeover (CVE-2026-25750) — 2026-03-18
ONNX — Zero-interaction model supply-chain attack (CVE-2026-28500) — 2026-03-18
Orca Security — Pickle RCE in SGLang LLM Framework (CVE-2026-3059/3060) — 2026-03-18
Microsoft — Azure MCP Server SSRF enables managed identity token theft (CVE-2026-26118) — 2026-03-14
Microsoft — Excel XSS weaponizes Copilot Agent for zero-click data exfil (CVE-2026-26144) — 2026-03-14
GitHub Advisory — LangChainJS serialization injection (CVE-2025-68665) — 2026-03-11
OffSec — MLflow LFI via URI fragment (CVE-2024-2928) — 2026-03-11
vLLM — Speculative decoding cache poisoning (CVE-2026-3108) — 2026-03-11
vLLM — SSRF protection bypass via parser differential (CVE-2026-25960) — 2026-03-09
GitHub Advisory — Copilot CLI shell expansion RCE (CVE-2026-29783) — 2026-03-07
GitLab Advisory — mcp-memory-service info disclosure (CVE-2026-29787) — 2026-03-07
GitHub Advisory — Agentgateway MCP→OpenAPI parameter injection (CVE-2026-29791) — 2026-03-06
Arctic Wolf — mcp-atlassian unauth RCE/SSRF (CVE-2026-27825/27826) — 2026-03-05
GitLab Advisory — mcp-nmap-server command injection (CVE-2026-3484) — 2026-03-05
CERT/CC — MS-Agent shell tool command injection (CVE-2026-2256) — 2026-03-05
GitHub Advisory — Langflow CSV Agent RCE (CVE-2026-27966) — 2026-03-04
NVD — MCP TypeScript SDK cross-client data leak (CVE-2026-25536) — 2026-03-03
GitLab Advisory — MCPJam Inspector RCE (CVE-2026-23744) — 2026-03-03
ServiceNow — AI Platform RCE (CVE-2026-0542) — 2026-03-02
GitHub Advisory — vLLM trust_remote_code bypass RCE — 2026-03-02
GitLab Advisory — MCP Go SDK case-folding bug (CVE-2026-27896) — 2026-03-01
GitLab Advisory — mcp-server-git path traversal (CVE-2026-27735) — 2026-03-01
Endor Labs — Six OpenClaw vulnerabilities via AI SAST — 2026-02-28
GitHub Advisory — Cursor Agent MCP special-files prompt injection (CVE-2025-54135) — 2026-02-24
GitHub Advisory — fermat-mcp eqn_chart code injection (CVE-2026-2008) — 2026-02-24
GitHub Advisory — GitHub Kanban MCP Server command injection (CVE-2025-53818) — 2026-02-24
GitHub Advisory — sf-mcp-server command injection RCE (CVE-2026-26029) — 2026-02-24
GitLab Advisory — ebay-mcp env var injection (CVE-2026-27203) — 2026-02-21
ZDI Advisory — gemini-mcp-tool command injection (CVE-2026-0755) — 2026-02-18
GitHub Advisory — vLLM trust_remote_code bypass RCE — 2026-02-17
GitHub Advisory — vLLM Completions API RCE (CVE-2025-62164) — 2026-02-16
NVD — Cloudflare Agents SDK OAuth callback XSS (CVE-2026-1721) — 2026-02-15
GitHub Advisory — godot-mcp command injection RCE (CVE-2026-25546) — 2026-02-08
n8n — CVE-2026-25049: New Sandbox Escape Bypass Enables Full Server Takeover — 2026-02-06
Zafran — ChainLeak: Chainlit AI Framework Bugs Enable Cloud Takeover — 2026-02-05
GitHub Advisory — vLLM RCE in Video Processing (CVE-2026-22778) — 2026-02-04
ZDI — Unpatched RCE in Gemini MCP Tool via command injection (CVE-2026-0755) — 2026-02-03
OX Security — Critical vLLM RCE via malicious video URL (CVE-2026-22778) — 2026-02-03
AISLE — AI Discovers 12 OpenSSL Zero-Days Including a 27-Year-Old Bug — 2026-02-01
INCIBE-CERT — github-kanban-mcp-server command injection (CVE-2026-0756) — 2026-01-31
Microsoft Security Blog — LangChain Core serialization injection (CVE-2025-68664) — 2026-01-31
Obsidian Security — Langflow account takeover + RCE chain (CVE-2025-34291) — 2026-01-31
GitHub Advisory — vLLM DoS via 1×1 image (CVE-2026-22773) — 2026-01-31
GitHub Advisory — vLLM multimodal SSRF (CVE-2026-24779) — 2026-01-31
Cyata — Prompt-injection reachable CVEs in Anthropic’s official Git MCP server — 2026-01-30
Fortinet — FortiCloud SSO auth bypass exploited in the wild (CVE-2026-24858) — 2026-01-30
Kyverno (CVE-2026-22039) — Namespaced Policy apiCall can cross namespace boundaries — 2026-01-30
NVD — MCP TypeScript SDK UriTemplate ReDoS (CVE-2026-0621) — 2026-01-30
Microsoft — CVE-2026-21509 (Office) emergency out-of-band fix — 2026-01-30
GitHub Advisory — Orval MCP generation code injection risk (CVE-2026-22785) — 2026-01-30
GitHub Advisory — vLLM model-load RCE risk via auto_map (CVE-2026-22807) — 2026-01-30
GitHub/NVD: vm2 sandbox escape (CVE-2026-22709) enables host code execution — 2026-01-30
AI-related CVEs: a practical tracker and triage workflow — 2026-01-29