Articles
Daily digests summarizing the vulnerabilities and incidents tracked by VulnWatch.
VulnWatch Daily: Agentic Frameworks Crisis & Local LLM UI Risks
28 entries · daily · Subscribers only
Critical sandbox escapes in PraisonAI and auth bypasses in SillyTavern dominate today's digest. MCP ecosystem and RAG platforms also show significant supply chain risks requiring immediate patching.
VulnWatch Daily: Critical Agent Escapes and Model Serving RCE
10 entries · daily · Subscribers only
Today's digest highlights critical vulnerabilities in CodeWhale agents, vllm model serving, and AnythingLLM. Immediate patching is recommended for agentic workflows.
VulnWatch Daily: Critical RCEs in AI Agents and Build Pipelines
17 entries · daily · Subscribers only
Today's digest highlights critical remote code execution risks in Langroid, BentoML, and Langflow, alongside a significant cluster of Symfony framework vulnerabilities affecting enterprise integrations.
VulnWatch Daily: Critical Agent Control Bypasses and Twig RCE Cluster
19 entries · daily · Subscribers only
19 new vulnerabilities reported today, including active Langflow exploitation, critical MCP auth bypasses, and a massive cluster of Twig RCEs affecting AI rendering pipelines.
VulnWatch: NVIDIA Inference Stack Critical Flaws & AI Supply Chain Risks
16 entries · daily · Subscribers only
Critical authentication bypasses in NVIDIA Triton and deserialization risks in TRT-LLM dominate today's digest. Plus, new supply chain threats in Diffusers and agent tooling.
VulnWatch Daily: MCP RCE, Supply Chain Worms, and MLflow Risks
17 entries · daily · Subscribers only
Critical MCP RCEs and a renewed npm worm campaign dominate today's digest. MLflow and AutoGPT users must patch immediately to prevent agent compromise.
VulnWatch Daily: Critical RCE in SGLangs and ChromaDB; Mistral Supply Chain
17 entries · daily · Subscribers only
Today's digest highlights critical RCE vulnerabilities in SGLangs and ChromaDB, alongside a confirmed malicious dropper in the Mistral AI PyPI package. Immediate patching and supply chain verification are required.
VulnWatch Weekly: MCP Security Crisis & Model Loading RCE Surge
102 entries · weekly
This week exposes critical risks in Model Context Protocol implementations, unsafe model deserialization in PyTorch/Diffusers, and agentic RCE chains. Immediate patching required for SOCFortress, ART, and Open WebUI.
VulnWatch Daily: Open WebUI Auth Bypasses and APM Supply Chain Risks
11 entries · daily · Subscribers only
Today's digest highlights critical access control failures in Open WebUI and supply chain vulnerabilities in Microsoft APM. MLflow and AVideo also report high-severity issues.
VulnWatch Daily: Critical Agent RCE and Open WebUI Access Control Flaws
41 entries · daily · Subscribers only
41 new vulnerabilities reported today, including critical RCE in DeepSeek TUI and widespread access control failures in Open WebUI. Immediate patching recommended for AI agent frameworks.
VulnWatch Daily: Agentic Auth Bypasses and CLI RCE Risks Surge
9 entries · daily · Subscribers only
Critical MCP authorization flaws and local CLI RCE vulnerabilities dominate today's digest. Security teams must audit agent tooling and desktop clients immediately.
VulnWatch Daily: Agentic Platform Risks & MCP Server Exposures
19 entries · daily · Subscribers only
Critical vulnerabilities in JunoClaw and MCP servers highlight agentic security gaps. Enterprise copilots and inference engines also face injection and stability risks.
VulnWatch Daily: Critical MCP RCEs and Auth Bypasses Flood AI Stack
19 entries · daily · Subscribers only
May 11 brings critical flaws in MCP servers, MLflow, and Open WebUI. Immediate patching required for agentic frameworks and model serving platforms.
VulnWatch Weekly: Agentic RCE Surge & LiteLLM Exploitation
99 entries · weekly
Critical RCEs plague agent platforms like FastGPT and PraisonAI. LiteLLM SQLi is actively exploited. Supply chain risks rise with PyTorch Lightning compromise.
Spring AI Milvus Vector Store Injection Flaw Exposes RAG Pipelines
1 entry · daily · Subscribers only
High severity CVE-2026-41705 allows filter-expression injection in Spring AI's MilvusVectorStore. Enterprise RAG systems risk unauthorized data deletion and leakage. Immediate patching required.