AI security incident: CVE-2026-22813 (NVD)
Incident date: January 12, 2026 | Published: February 22, 2026
OpenCode is an open source AI coding agent. The markdown renderer used for LLM responses will insert arbitrary HTML into the DOM.
This archive includes all published incident pages.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Selection criteria and correction policy are documented in Methodology & Editorial Policy.
Incident date: January 12, 2026 | Published: February 14, 2026
MindsDB is a platform for building artificial intelligence from enterprise data. Prior to version 25.11.1, an unauthenticated path traversal in the file upload API lets any caller read arbitrary files from the server filesystem and move...
Incident date: January 8, 2026 | Published: February 14, 2026
llama.cpp is an inference of several LLM models in C/C++. In commits 55d4206c8 and prior, the n_discard parameter is parsed directly from JSON input in the llama.
Incident date: January 6, 2026 | Published: February 25, 2026
A vulnerability in the Forcepoint One DLP Client allows bypass of the vendor-implemented Python restrictions designed to prevent arbitrary code execution.
Incident date: January 5, 2026 | Published: February 14, 2026
Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it.
Incident date: December 23, 2025 | Published: February 14, 2026
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.
Incident date: December 19, 2025 | Published: February 14, 2026
Dive is an open-source MCP Host Desktop Application that enables integration with function-calling LLMs. A critical Stored Cross-Site Scripting (XSS) vulnerability exists in versions prior to 0.11.