A two-stage exploit chain in vLLM's multimodal video processing bypasses ASLR through PIL exception leakage, then achieves heap overflow via a malicious JPEG2000 file, giving unauthenticated attackers code execution on inference servers.
CVEs, exploits, and security flaws in AI frameworks, models, and infrastructure.
A two-stage exploit chain in vLLM's multimodal video processing bypasses ASLR through PIL exception leakage, then achieves heap overflow via a malicious JPEG2000 file, giving unauthenticated attackers code execution on inference servers.
A coordinated disclosure of 13 critical vm2 vulnerabilities in May 2026 exposed a structural problem: AI agent frameworks that use vm2 as a code execution sandbox convert a prompt injection into host-level RCE the moment the sandbox breaks. Here's the chain and what to do about it.
A three-flaw chain in Microsoft AutoGen Studio's MCP WebSocket surface lets a malicious webpage execute arbitrary commands on the host via an AI browsing agent. Microsoft patched in June 2026.
A sandbox bypass in Cursor's agentic mode lets attackers poison shell environment variables through implicitly trusted built-ins, converting approved commands like git branch or python3 into arbitrary code execution.
A vulnerability in Discourse's AI content triage feature lets a malicious user craft a post that prompt-injects the LLM into returning JavaScript, which is then rendered unescaped in the admin review queue. Patch available.