Articles — VulnWatch

May 21, 2026 · 19 entries · daily · Subscribers only

VulnWatch Daily: Critical Agent Control Bypasses and Twig RCE Cluster

19 new vulnerabilities reported today including active Langflow exploitation, critical MCP auth bypasses, and a massive cluster of Twig RCEs affecting AI rendering pipelines.

Supply Chain Remote Code Execution Auth Bypass Agentic / MCP

May 19, 2026 · 17 entries · daily · Subscribers only

VulnWatch Daily: MCP RCE, Supply Chain Worms, and MLflow Risks

Critical MCP RCEs and a renewed npm worm campaign dominate today's digest. MLflow and AutoGPT users must patch immediately to prevent agent compromise.

Prompt Injection Supply Chain Remote Code Execution Data Leakage Auth Bypass SSRF Agentic / MCP

May 18, 2026 · 17 entries · daily · Subscribers only

VulnWatch Daily: Critical RCE in SGLangs and ChromaDB; Mistral Supply Chain

Today's digest highlights critical RCE vulnerabilities in SGLangs and ChromaDB, alongside a confirmed malicious dropper in the Mistral AI PyPI package. Immediate patching and supply chain verification are required.

Supply Chain Remote Code Execution Auth Bypass SSRF Agentic / MCP

May 11, 2026 · 99 entries · weekly

VulnWatch Weekly: Agentic RCE Surge & LiteLLM Exploitation

Critical RCEs plague agent platforms like FastGPT and PraisonAI. LiteLLM SQLi is actively exploited. Supply chain risks rise with PyTorch Lightning compromise.

Prompt Injection Supply Chain Remote Code Execution Data Leakage Auth Bypass SSRF API Abuse Agentic / MCP

May 8, 2026 · 36 entries · daily · Subscribers only

VulnWatch Daily: Critical RCE Surges in AI Agent Sandboxes and Gateways

36 vulnerabilities disclosed today highlight severe RCE risks in FastGPT, LiteLLM, and Open WebUI. Immediate patching recommended for agent platforms and model gateways to prevent compromise.

Prompt Injection Supply Chain Remote Code Execution Data Leakage Auth Bypass SSRF Agentic / MCP

May 7, 2026 · 15 entries · daily · Subscribers only

VulnWatch Daily: Supply Chain Compromises and Agentic SSRF Risks

Critical supply chain compromises hit PyTorch Lightning while new SSRF vectors emerge in MCP servers. Plus, sandbox escapes in vm2 and widespread Copilot injection flaws.

Prompt Injection Supply Chain Remote Code Execution Data Leakage SSRF Agentic / MCP

May 5, 2026 · 19 entries · daily · Subscribers only

VulnWatch Daily: Critical MCP Server Flaws and Agent RCE Risks Surge

Today's digest highlights critical path traversal and prompt injection flaws in MCP servers and AI agents, including Langflow and SQLBot. Immediate patching is recommended for exposed instances.

Prompt Injection Supply Chain Remote Code Execution Auth Bypass SSRF Agentic / MCP