This archive includes all published incident pages. Page 2 of 18.
Each page is intended to help a security team answer three questions quickly: why the issue is AI-relevant, what part of the workflow may be exposed, and what actions should happen first.
Incident date: April 20, 2026 | Published: April 20, 2026
Overview: A remote code execution vulnerability has been discovered in the SGLang project, specifically in the reranking endpoint (/v1/rerank). The vulnerability is tracked as CVE-2026-5760.
Incident date: April 16, 2026 | Published: April 16, 2026
Paperclip: codex local inherited ChatGPT/OpenAI-connected Gmail and was able to send real email Summary A Paperclip-managed codex local runtime was able to access and use a Gmail connector that I had connected in the ChatGPT/OpenAI apps...
Incident date: April 16, 2026 | Published: April 16, 2026
Flowise: APIChain Prompt Injection SSRF in GET/POST API Chains Summary A Server-Side Request Forgery (SSRF) vulnerability exists in FlowiseAI's POST/GET API Chain components that allows unauthenticated attackers to force the server...
Incident date: April 8, 2026 | Published: April 8, 2026
PraisonAI Vulnerable to OS Command Injection The execute command function and workflow shell execution are exposed to user-controlled input via agent workflows, YAML definitions, and LLM-generated tool calls,...
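The exposure described in the PraisonAI entry is the general "model output reaches a shell" pattern. The following is an added example, not PraisonAI's code, showing a tool-call argument (constructed here, not taken from any real trace) interpolated into a shell string next to a hardened executor that maps a tool name to a fixed argv allowlist and never invokes a shell. Both use `echo` so the injection is visible without doing damage.

```python
import subprocess

# Constructed for this example: what a prompt-injected model might emit as a tool-call argument.
LLM_TOOL_ARG = "hello; echo INJECTED"


def run_vulnerable(arg: str) -> str:
    """Vulnerable pattern: model-controlled text becomes part of a shell command line.
    The ';' ends the intended command and starts an attacker-chosen one."""
    result = subprocess.run(f"echo {arg}", shell=True, capture_output=True, text=True)
    return result.stdout


# Hypothetical allowlist: tool name -> fixed argv prefix. The model may pick the tool
# and supply one argument; it can never choose the program or add shell syntax.
ALLOWED_TOOLS = {
    "echo": ["echo"],
    "list": ["ls", "-1"],
}


def run_hardened(tool: str, arg: str) -> str:
    """Hardened pattern: argv list, no shell, allowlisted program, bounded runtime.
    The argument is passed as a single argv element, so ';', '|', '$(...)' stay literal."""
    if tool not in ALLOWED_TOOLS:
        raise ValueError(f"tool not allowed: {tool!r}")
    if "\x00" in arg or "\n" in arg:
        raise ValueError("control characters in argument")
    argv = ALLOWED_TOOLS[tool] + [arg]
    result = subprocess.run(argv, shell=False, capture_output=True, text=True, timeout=5)
    return result.stdout


def injected(output: str) -> bool:
    """True if the injected command actually executed (its output appears as its own line)."""
    return "INJECTED" in output.splitlines()
```

The hardened version still executes what the model asked for; the point is that the set of reachable programs is fixed by the operator, not by the prompt, and the argument cannot change that set.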
Incident date: April 4, 2026 | Published: April 4, 2026
OpenClaw: Gemini OAuth exposed the PKCE verifier through the OAuth state parameter Summary Before OpenClaw 2026.4.2, the Gemini OAuth flow reused the PKCE verifier as the OAuth state value.
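The weakness named in the OpenClaw entry is easier to see side by side. This is an added example, not OpenClaw's or Google's code: an authorization URL builder that reuses the PKCE verifier as `state`, next to one that generates the two values independently and keeps the verifier in a pending-request map keyed by `state`. The endpoint, client ID and redirect URI are placeholders; the S256 challenge computation follows RFC 7636.

```python
import base64
import hashlib
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Placeholders for this example only.
AUTH_ENDPOINT = "https://accounts.example.test/o/oauth2/auth"
CLIENT_ID = "example-client-id"
REDIRECT_URI = "http://localhost:8085/oauth/callback"


def b64url(data: bytes) -> str:
    """base64url without padding, as RFC 7636 specifies for verifier and challenge."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def code_challenge(verifier: str) -> str:
    """S256 method: base64url(SHA-256(ASCII(code_verifier)))."""
    return b64url(hashlib.sha256(verifier.encode("ascii")).digest())


def build_authorize_url_vulnerable() -> tuple:
    """Weak pattern: the PKCE verifier doubles as the OAuth state value.
    The verifier is supposed to stay with the client until the token exchange,
    but 'state' is sent in the authorization URL and echoed on the redirect,
    so it ends up in browser history, referrer headers and any server logs."""
    verifier = b64url(secrets.token_bytes(32))
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
        "state": verifier,  # the defect: secret reused as a public value
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", verifier


def build_authorize_url_fixed(pending: dict) -> tuple:
    """Fixed pattern: state and verifier are independent random values.
    Only 'state' travels in the URL; the verifier stays in 'pending'."""
    verifier = b64url(secrets.token_bytes(32))
    state = b64url(secrets.token_bytes(32))
    pending[state] = verifier
    params = {
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "code_challenge": code_challenge(verifier),
        "code_challenge_method": "S256",
        "state": state,
    }
    return f"{AUTH_ENDPOINT}?{urlencode(params)}", state


def state_reveals_verifier(url: str, verifier: str) -> bool:
    """What anyone who observes the authorization URL or redirect can recover."""
    qs = parse_qs(urlparse(url).query)
    return qs.get("state", [None])[0] == verifier


def handle_callback(pending: dict, state: str) -> str:
    """Callback side of the fixed flow: bind the redirect to a pending request and
    release the verifier for the token exchange exactly once (no replay)."""
    verifier = pending.pop(state, None)
    if verifier is None:
        raise ValueError("unknown or replayed state")
    return verifier
```

An observer who learns the verifier and intercepts the authorization code can complete the token exchange; keeping the two values independent restores the property PKCE was added for.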
Incident date: March 30, 2026 | Published: March 30, 2026
Overview: Four vulnerabilities have been identified in CrewAI, including remote code execution (RCE), arbitrary local file read, and server-side request forgery (SSRF). CVE-2026-2275 lies in the Code Interpreter Tool.
Incident date: March 26, 2026 | Published: March 26, 2026
Langflow has Authenticated Code Execution in Agentic Assistant Validation Summary The Agentic Assistant feature in Langflow executes LLM-generated Python code during its validation phase.
Incident date: March 19, 2026 | Published: March 19, 2026
Claude Code has a Workspace Trust Dialog Bypass via Repo-Controlled Settings File Claude Code resolved the permission mode from settings files, including the repo-controlled .claude/settings.