CISA added CVE-2026-42271 to KEV after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette auth bypass for unauthenticated RCE. Federal deadline: June 22.
CVEs, exploits, and security flaws in AI frameworks, models, and infrastructure.
CISA added CVE-2026-42271 to KEV after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette auth bypass for unauthenticated RCE. Federal deadline: June 22.
A flawed permission check in Anthropic's Claude Code GitHub Action allowed attackers to use prompt injection via a crafted issue to steal CI/CD secrets. Patched in v1.0.94.
Hundreds of backdoored and malware-laced models have been found in public AI registries. Covers pickle RCE, activation-trigger backdoors, and enterprise controls for model intake.
SafeBreach Labs documented a prompt injection attack hiding malicious commands inside WhatsApp, Slack, or SMS notifications. Gemini treats hostile text as trusted. Patched Nov 2025.
RAG pipelines introduce document poisoning, indirect prompt injection via retrieved content, and semantic access control gaps that most security teams have not assessed.