RAXE LABS

Security Advisories

AI/ML security advisories and guides across 4 research streams. Vulnerability research, threat analysis, and practitioner guidance.

12 Critical
12 High
5 Medium
0 Low
30 Total
117 Signatures
Latest Advisory

vLLM Hardcoded trust_remote_code Bypass Enables Remote Code Execution via Malicious Model Repositories (CVE-2026-27893)

RAXE-2026-044 HIGH

CVE-2026-27893 is a high-severity protection mechanism failure in vLLM, the widely-used open-source LLM inference and serving engine, whereby two model implementation files hardcode `trust_remote_code

Agent Security 3 CVEs 4 sigs
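The mechanism in the latest advisory is a loader flag fixed to `True` at the call site instead of being plumbed through from the operator's serving configuration. The following is an added example, not RAXE's or vLLM's code, of an AST check that flags exactly that pattern in a Python code base: it reports every call that passes a literal `True` for `trust_remote_code` and ignores calls that pass the value through from a config object. The two sample sources it scans are constructed for illustration and are not vLLM's model files.

```python
"""Flag call sites that hardcode trust_remote_code=True.

Added example, not RAXE's or vLLM's code. The sample snippets below are
constructed for illustration and do not reproduce any vLLM file.
"""
import ast
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    path: str
    line: int
    callee: str


def _callee_name(node: ast.Call) -> str:
    """Render the called expression as dotted text, e.g. AutoModel.from_pretrained."""
    parts = []
    cur = node.func
    while isinstance(cur, ast.Attribute):
        parts.append(cur.attr)
        cur = cur.value
    parts.append(cur.id if isinstance(cur, ast.Name) else "<expr>")
    return ".".join(reversed(parts))


def scan_source(source: str, path: str = "<string>") -> list[Finding]:
    """Return every call that passes a literal True for trust_remote_code.

    A keyword whose value is a name or attribute (e.g. config.trust_remote_code)
    is treated as a pass-through of the operator's setting and is not reported.
    """
    tree = ast.parse(source, filename=path)
    findings = []
    for node in ast.walk(tree):
        if not isinstance(node, ast.Call):
            continue
        for kw in node.keywords:
            if kw.arg != "trust_remote_code":
                continue
            if isinstance(kw.value, ast.Constant) and kw.value.value is True:
                findings.append(Finding(path, node.lineno, _callee_name(node)))
    findings.sort(key=lambda f: f.line)
    return findings


# Constructed sample: a loader that hardcodes the flag (the pattern to flag).
HARDCODED_SAMPLE = '''
from transformers import AutoConfig, AutoModel

def load(model_name):
    cfg = AutoConfig.from_pretrained(model_name, trust_remote_code=True)
    return AutoModel.from_config(cfg, trust_remote_code=True)
'''

# Constructed sample: the flag is plumbed through from the server config.
PLUMBED_SAMPLE = '''
from transformers import AutoConfig

def load(model_name, model_config):
    return AutoConfig.from_pretrained(
        model_name, trust_remote_code=model_config.trust_remote_code)
'''


def demo() -> tuple[int, int]:
    """Scan both samples; returns (hardcoded hits, plumbed hits)."""
    return (len(scan_source(HARDCODED_SAMPLE, "hardcoded.py")),
            len(scan_source(PLUMBED_SAMPLE, "plumbed.py")))


if __name__ == "__main__":
    for f in scan_source(HARDCODED_SAMPLE, "hardcoded.py"):
        print(f"{f.path}:{f.line}: {f.callee}(... trust_remote_code=True ...)")
```

Run it over a checkout with `scan_source(open(p).read(), p)` for each `.py` file; any hit is a place where a malicious model repository's custom code would be executed regardless of what the deployment's own `trust_remote_code` setting says. The check deliberately looks only at literal `True`, so a value that is computed elsewhere still needs a manual look.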

Hardening Your Environment Against Software Supply Chain Attacks

RAXE-2026-045 CRITICAL GUIDE
Supply Chain 1 CVE

Langflow Unauthenticated Code Injection RCE via Public Flow Build Endpoint (CVE-2026-33017)

RAXE-2026-043 CRITICAL CVSS 9.8
Agent Security 3 CVEs 4 sigs

llama.cpp GGUF Integer Overflow Heap Buffer Overflow via Crafted Tensor Dimensions (CVE-2026-33298)

RAXE-2026-042 HIGH
Supply Chain 1 CVE

Spring AI Vector Store Filter Injection — JSONPath and SQL Injection Bypass Multi-Tenant Access Controls

RAXE-2026-041 HIGH CVSS 8.6
Agent Security 2 CVEs 5 sigs

Claude Code Workspace Trust Dialog Bypass via Repository Settings (CVE-2026-33068)

RAXE-2026-040 HIGH CVSS 7.7
Agent Security 1 CVE 1 sig

ONNX Hub Silent Security Warning Bypass Enables Supply Chain Attacks (CVE-2026-28500)

RAXE-2026-039 CRITICAL CVSS 9.1
S3: Supply Chain 1 CVE 4 sigs

AnythingLLM Desktop: Streaming XSS to Remote Code Execution

RAXE-2026-038 CRITICAL CVSS 9.6
S4: Prompt Injection / Input Handling 1 CVE 5 sigs

Graphiti Temporal Knowledge Graph Cypher Injection via Unsanitised Search Filters

RAXE-2026-037 HIGH CVSS 8.1
Agent Security 1 CVE 4 sigs

MCP Atlassian SSRF: Unauthenticated Server-Side Request Forgery Enabling Credential Theft and Prompt Injection (CVE-2026-27826)

RAXE-2026-034 HIGH
S2: Agent Security 1 CVE 4 sigs

Flowise LLM Orchestration Platform Six-Vulnerability Cluster: Missing Authentication, File Upload, Auth Bypass, IDOR, Mass Assignment, and SSRF

RAXE-2026-033 CRITICAL
S2: Agent Security 6 CVEs 7 sigs

claude-code-ui Triple Command Injection (CVE-2026-31975, CVE-2026-31862, CVE-2026-31861)

RAXE-2026-032 CRITICAL CVSS 9.8
Supply Chain 3 CVEs 3 sigs

HuggingFace smolagents SSRF via LocalPythonExecutor (CVE-2026-2654)

RAXE-2026-031 CRITICAL CVSS 9.8
Agent Security 1 CVE 4 sigs

MLflow Auth Bypass to RCE via Artifact Path Traversal (CVE-2026-2635 + CVE-2026-2033)

RAXE-2026-030 CRITICAL CVSS 8.1
Agent Security 4 CVEs 5 sigs

CVE-2026-28795: OpenChatBI Path Traversal via save_report Tool

RAXE-2026-028 CRITICAL CVSS 9.8
Supply Chain 1 CVE 5 sigs

Ray Dashboard Unauthenticated Job Deletion (CVE-2026-27482)

RAXE-2026-026 MEDIUM CVSS 6.5
Supply Chain 1 CVE 4 sigs

LangGraph Checkpoint Redis Query Injection (CVE-2026-27022)

RAXE-2026-025 MEDIUM CVSS 6.5
Supply Chain 1 CVE 4 sigs

NVIDIA NeMo Framework Code Injection (CVE-2025-33236)

RAXE-2026-024 HIGH CVSS 7.8
Supply Chain 10 CVEs 7 sigs

vLLM RCE via auto_map Dynamic Module Loading (CVE-2026-22807)

RAXE-2026-023 HIGH CVSS 8.8
Adversarial ML 1 CVE 5 sigs

Claude Code Trusted Domain Validation Bypass (CVE-2026-24052)

RAXE-2026-022 HIGH CVSS 7.4
Agent Security 2 CVEs 5 sigs

MCP Server git_init Path Traversal via Unrestricted Repository Initialisation (CVE-2025-68143)

RAXE-2026-021 MEDIUM CVSS 6.5
Agent Security 2 CVEs 5 sigs

vLLM Remote Code Execution via Video Processing (CVE-2026-22778)

RAXE-2026-020 CRITICAL CVSS 9.8
Adversarial ML 1 CVE 5 sigs

PyTorch weights_only Unpickler Memory Corruption

RAXE-2026-019 HIGH CVSS 8.8
Supply Chain 1 CVE 4 sigs

WeKnora MCP Stdio Command Injection RCE (CVE-2026-30861)

RAXE-2026-018 HIGH CVSS 8.8
Agent Security 1 CVE 4 sigs

LangGraph Checkpoint Unsafe Msgpack Deserialisation (CVE-2026-28277)

RAXE-2026-017 MEDIUM CVSS 6.8
Agent Security 1 CVE 3 sigs

Web-Based Indirect Prompt Injection Against AI Agents: Observed in the Wild

RAXE-2026-016 HIGH
Prompt Injection 3 sigs

PickleScan Universal Blocklist Bypass and Stdlib RCE Modules

RAXE-2026-015 CRITICAL CVSS 9.8
Supply Chain 3 sigs

MCP Server Git Path Traversal via Agentic Tool-Use (CVE-2026-27735)

RAXE-2026-014 MEDIUM CVSS 6.4
Agent Security 1 CVE 4 sigs

Langflow CSV Agent Remote Code Execution via Prompt Injection (CVE-2026-27966)

RAXE-2026-013 CRITICAL CVSS 9.8
Agent Security 1 CVE 3 sigs

Agenta LLMOps Sandbox Escape and SSTI in Evaluator Pipeline (CVE-2026-27952, CVE-2026-27961)

RAXE-2026-012 CRITICAL CVSS 9.9
Agent Security 2 CVEs 3 sigs

From research to runtime protection

Our advisories produce detection signatures deployed automatically to RAXE Gateway and RAXE Sensor. Deploy the platform that enforces what we discover.

