RAXE LABS
Security Advisories
AI/ML security advisories and guides across 4 research streams. Vulnerability research, threat analysis, and practitioner guidance.
Latest Advisory
NVIDIA BioNeMo Framework Deserialization of Untrusted Data Enables Remote Code Execution (CVE-2026-24164)
NVIDIA BioNeMo Framework, NVIDIA's open-source biomedical-AI framework, distributed both as source in the public `github.com/NVIDIA/bionemo-framework` repository and as pre-built images in the NVIDIA
Supply Chain
1 CVE
PraisonAI Post-Cluster Wave: execute_command OS Command Injection + Multi-Backend SQL Injection Incomplete-Fix (CVE-2026-40088, CVE-2026-40315)
Agent Security
2 CVEs
Claude Code Sandbox Escape via Symlink Following Enables Arbitrary File Write Outside Workspace (CVE-2026-39861)
Agent Security
1 CVE
Flowise CSV Agent Pyodide Sandbox Escape, Third Advisory in the 3.0.13 Wave (CVE-2026-41264)
Agent Security
1 CVE
Claude Code Windows Local Privilege Escalation via Untrusted ProgramData Search Path (CVE-2026-35603)
Agent Security
1 CVE
Flowise 3.0.13 Post-Patch Advisory Wave: Airtable_Agent Pyodide Sandbox Escape and Unauthenticated TTS Credential Abuse
Agent Security
2 CVEs
OpenAI Codex CLI Auto-Loaded MCP Config Enables Command Injection Without Interactive Approval (CVE-2025-61260)
Agent Security
1 CVE
Paperclip Agent Runtime and Tenant Boundary Collapse: Multi-Advisory Disclosure Burst
Supply Chain
2 CVEs
LiteLLM JWT Authentication Cache Key Collision
Supply Chain
1 CVE
2 sigs
text-generation-webui Path Traversal to RCE (CVE-2026-35050)
Supply Chain
1 CVE
2 sigs
Anthropic Claude Code CLI and Agent SDK OS Command Injection (CVE-2026-35022)
Agent Security
1 CVE
3 sigs
PraisonAI Ecosystem Nine-Vulnerability Cluster - Sandbox Bypass, MCP Command Injection, SQL Injection, Authentication Bypass, and SSRF Across praisonai and praisonaiagents
Agent Security
9 CVEs
2 sigs
CrewAI Unsafe Fallback and Configuration Behaviours Enable Prompt-Injection-to-RCE, SSRF, and File Read
S2: Agent Security
4 CVEs
6 sigs
ONNX Model Deserialization Attribute Injection via setattr()
Supply Chain
1 CVE
6 sigs
FastGPT AI Agent Platform Unauthenticated HTTP Proxy and MCP SSRF
Agent Security
2 CVEs
4 sigs
LangChain Path Traversal in Prompt Loading Enables Arbitrary File Read
Agent Security
1 CVE
4 sigs
Hardening Your Environment Against Software Supply Chain Attacks
Supply Chain
1 CVE
vLLM Hardcoded trust_remote_code Bypass Enables Remote Code Execution via Malicious Model Repositories (CVE-2026-27893)
Agent Security
3 CVEs
6 sigs
Langflow Unauthenticated Code Injection RCE via Public Flow Build Endpoint (CVE-2026-33017)
Agent Security
3 CVEs
3 sigs
llama.cpp GGUF Integer Overflow Heap Buffer Overflow via Crafted Tensor Dimensions (CVE-2026-33298)
Supply Chain
1 CVE
Spring AI Vector Store Filter Injection — JSONPath and SQL Injection Bypass Multi-Tenant Access Controls
Agent Security
2 CVEs
1 sig
Claude Code Workspace Trust Dialog Bypass via Repository Settings (CVE-2026-33068)
Agent Security
1 CVE
1 sig
ONNX Hub Silent Security Warning Bypass Enables Supply Chain Attacks (CVE-2026-28500)
S3: Supply Chain
1 CVE
2 sigs
AnythingLLM Desktop: Streaming XSS to Remote Code Execution
S4: Prompt Injection / Input Handling
1 CVE
2 sigs
Graphiti Temporal Knowledge Graph Cypher Injection via Unsanitised Search Filters
Agent Security
1 CVE
3 sigs
MCP Atlassian SSRF: Unauthenticated Server-Side Request Forgery Enabling Credential Theft and Prompt Injection (CVE-2026-27826)
S2: Agent Security
1 CVE
4 sigs
Flowise LLM Orchestration Platform Six-Vulnerability Cluster: Missing Authentication, File Upload, Auth Bypass, IDOR, Mass Assignment, and SSRF
S2: Agent Security
6 CVEs
7 sigs
claude-code-ui Triple Command Injection (CVE-2026-31975, CVE-2026-31862, CVE-2026-31861)
Supply Chain
3 CVEs
3 sigs
HuggingFace smolagents SSRF via LocalPythonExecutor (CVE-2026-2654)
Agent Security
1 CVE
4 sigs
MLflow Auth Bypass to RCE via Artifact Path Traversal (CVE-2026-2635 + CVE-2026-2033)
Agent Security
4 CVEs
5 sigs
CVE-2026-28795: OpenChatBI Path Traversal via save_report Tool
Supply Chain
1 CVE
5 sigs
Ray Dashboard Unauthenticated Job Deletion (CVE-2026-27482)
Supply Chain
1 CVE
4 sigs
LangGraph Checkpoint Redis Query Injection (CVE-2026-27022)
Supply Chain
1 CVE
4 sigs
NVIDIA NeMo Framework Code Injection (CVE-2025-33236)
Supply Chain
10 CVEs
7 sigs
vLLM RCE via auto_map Dynamic Module Loading (CVE-2026-22807)
Adversarial ML
1 CVE
2 sigs
Claude Code Trusted Domain Validation Bypass (CVE-2026-24052)
Agent Security
2 CVEs
5 sigs
MCP Server git_init Path Traversal via Unrestricted Repository Initialisation (CVE-2025-68143)
Agent Security
2 CVEs
5 sigs
vLLM Remote Code Execution via Video Processing (CVE-2026-22778)
Adversarial ML
1 CVE
5 sigs
PyTorch weights_only Unpickler Memory Corruption
Supply Chain
1 CVE
4 sigs
WeKnora MCP Stdio Command Injection RCE (CVE-2026-30861)
Agent Security
1 CVE
4 sigs
LangGraph Checkpoint Unsafe Msgpack Deserialisation (CVE-2026-28277)
Agent Security
1 CVE
2 sigs
Web-Based Indirect Prompt Injection Against AI Agents: Observed in the Wild
Prompt Injection
3 sigs
PickleScan Universal Blocklist Bypass and Stdlib RCE Modules
Supply Chain
3 sigs
MCP Server Git Path Traversal via Agentic Tool-Use (CVE-2026-27735)
Agent Security
1 CVE
4 sigs
Langflow CSV Agent Remote Code Execution via Prompt Injection (CVE-2026-27966)
Agent Security
1 CVE
3 sigs
Agenta LLMOps Sandbox Escape and SSTI in Evaluator Pipeline (CVE-2026-27952, CVE-2026-27961)
Agent Security
2 CVEs
3 sigs
From research to runtime protection
Our advisories produce detection signatures deployed automatically to RAXE Gateway and RAXE Sensor. Deploy the platform that enforces what we discover.