ASR AI Security Radar
Recent AI Security Incidents

This archive includes all published incident pages. Page 1 of 16.

Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.

Selection criteria and correction policy are documented in Methodology & Editorial Policy.

AI security incident: OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter (G...

Incident date: April 4, 2026 | Published: April 4, 2026

OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter Summary Before OpenClaw 2026.4.2, the Gemini OAuth flow reused the PKCE verifier as the OAuth state value.

AI security incident: OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via c...

Incident date: April 3, 2026 | Published: April 3, 2026

OpenClaw: Agentic Consent Bypass — LLM Agent Can Silently Disable Exec Approval via config.patch Summary Agentic Consent Bypass: LLM Agent Can Silently Disable Exec Approval via config.

AI security incident: VU#221883: CrewAI contains multiple vulnerabilities including SSRF, RCE and local fil...

Incident date: March 30, 2026 | Published: March 30, 2026

Overview Four vulnerabilities have been identified in CrewAI, including remote code execution (RCE), arbitrary local file read, and server-side request forgery (SSRF). CVE-2026-2275 is directly caused by the Code Interpreter Tool.

AI security incident: LangChain Core has Path Traversal vulnerabilities in legacy load prompt functions (GHS...

Incident date: March 27, 2026 | Published: March 27, 2026

LangChain Core has Path Traversal vulnerabilities in legacy load prompt functions Summary Multiple functions in langchain_core.prompts.

AI security incident: Langflow has Authenticated Code Execution in Agentic Assistant Validation (GHSA-v8hw-...

Incident date: March 26, 2026 | Published: March 26, 2026

Langflow has Authenticated Code Execution in Agentic Assistant Validation Description Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase.

AI security incident: Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File (GH...

Incident date: March 19, 2026 | Published: March 19, 2026

Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File Claude Code resolved the permission mode from settings files, including the repo-controlled .claude/settings.

AI security incident: VU#665416: SGLang (sglang) is vulnerable to code execution attacks via unsafe pickle...

Incident date: March 12, 2026 | Published: March 12, 2026

Overview Two unsafe pickle deserialization vulnerabilities have been discovered in the SGLang open-source project, one within the tool's multimodal generation module and another within the Encoder Parallel Disaggregation system.

AI security incident: @siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Inject...

Incident date: March 11, 2026 | Published: March 11, 2026

@siteboon/claude-code-ui Vulnerable to Unauthenticated RCE via WebSocket Shell Injection Security Advisory: Insecure Default JWT Secret + WebSocket Auth Bypass Enables Unauthenticated RCE via Shell Injection Download: cve claudecodeui...

AI security incident: @siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters (...

Incident date: March 11, 2026 | Published: March 11, 2026

@siteboon/claude-code-ui is Vulnerable to Command Injection via Multiple Parameters Summary Multiple Git-related API endpoints use execAsync() with string interpolation of user-controlled parameters (file, branch, message, commit),...

AI security incident: @siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes (GHSA...

Incident date: March 10, 2026 | Published: March 11, 2026

@siteboon/claude-code-ui is Vulnerable to Shell Command Injection in Git Routes. Shell Command Injection in User Git Config Endpoint. Severity: High. CVSS 3.1: 8.