This archive includes all published incident pages. Page 1 of 18.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Incident date: May 18, 2026 | Published: May 18, 2026
Overview: Three vulnerabilities have been discovered in the SGLang project, two enabling remote code execution (RCE) and one being a path traversal vulnerability.
Incident date: May 6, 2026 | Published: May 7, 2026
Keras vulnerable to DoS via Malicious .keras Model (HDF5 Shape Bomb Causes Petabyte Allocation in KerasFileEditor)
Summary: Keras’s model loader (KerasFileEditor) unsafely loads user-supplied .
Incident date: May 5, 2026 | Published: May 5, 2026
PPTAgent: Arbitrary Code Execution via Python eval() of LLM-Generated Code with Builtins in Scope
Summary: This vulnerability has been fixed in https://github.com/icip-cas/PPTAgent/commit/418491a9a1c02d9d93194b5973bb58df35cf9d00.
Incident date: May 4, 2026 | Published: May 4, 2026
Pelican Web UI Affected by a Privilege Escalation Attack
Background: On April 2nd, 2026, a Claude coding agent alerted Pelican PI Brian Bockelman to a privilege escalation vulnerability affecting Pelican's Web User Interface...
Incident date: April 24, 2026 | Published: April 24, 2026
Gemini CLI: Remote Code Execution via workspace trust and tool allowlisting bypasses
Summary: Gemini CLI (@google/gemini-cli) and the run-gemini-cli GitHub Action are being updated to harden workspace trust and tool allowlisting, in...
Incident date: April 24, 2026 | Published: April 24, 2026
k8sGPT has Prompt Injection through its k8sGPT-Operator
Summary: In the auto-remediation pipeline, object to execution.go was deserializing the AI-generated YAML directly into a Deployment object, but there was a lack of...
Incident date: April 24, 2026 | Published: April 24, 2026
Claude Code: Trust Dialog Bypass via Git Worktree Spoofing Allows Arbitrary Code Execution
Claude Code used the git worktree commondir file when determining folder trust but did not validate its contents.
Incident date: April 22, 2026 | Published: April 22, 2026
engram: HTTP server CORS wildcard + auth-off-by-default enables CSRF graph exfiltration and persistent indirect prompt injection
Summary: The local HTTP server started by engram server (binding 127.0.0.
Incident date: April 21, 2026 | Published: April 21, 2026
Claude Code: Sandbox Escape via Symlink Following Allows Arbitrary File Write Outside Workspace
Claude Code's sandbox did not prevent sandboxed processes from creating symlinks pointing to locations outside the workspace.