Check Point Research found three CVEs in LangGraph's persistence layer. CVE-2025-67644 SQLi chains with CVE-2026-28277 deserialization to reach RCE.
CVEs, exploits, and security flaws in AI frameworks, models, and infrastructure.
Check Point Research found three CVEs in LangGraph's persistence layer. CVE-2025-67644 SQLi chains with CVE-2026-28277 deserialization to reach RCE.
Adversa AI disclosed SymJack (symlink hijacking to plant malicious MCP servers) and TrustFall (trust dialog bypass) hitting six AI coding agents including Copilot and Cursor.
CISA added CVE-2026-42271 to KEV after Horizon3.ai chained the LiteLLM MCP command injection flaw with a Starlette auth bypass for unauthenticated RCE. Federal deadline: June 22.
A flawed permission check in Anthropic's Claude Code GitHub Action allowed attackers to use prompt injection via a crafted issue to steal CI/CD secrets. Patched in v1.0.94.
Hundreds of backdoored and malware-laced models have been found in public AI registries. Covers pickle RCE, activation-trigger backdoors, and enterprise controls for model intake.