News Updated 2 days ago
Unauthenticated Server Takeover Flaw in ML Feature Store Feast (CVE-2026-56121) — Update to v0.63.0
Security, AI
Feast, a data platform used in AI and machine learning, has a flaw that lets an attacker take over the server without authentication. It is tracked as CVE-2026-56121 with a top-tier severity of CVSS 9.8. Versions before 0.63.0 are affected; a single crafted request from outside can run arbitrary code on the server running Feast. Update to 0.63.0 now.
2026.06.25, 3 views
News Updated 3 days ago
What Is Sakana AI's "Fugu"? The Japanese AI That Bundles Other AIs
Japanese Companies, Development, AI
Japan's Sakana AI launched Fugu and Fugu Ultra, an AI that bundles and routes between multiple models. What it is, and how it differs from Claude and ChatGPT, explained for non-experts.
2026.06.23, 3 views
News Updated 3 days ago
Two vLLM Flaws: API-Key Bypass (CVE-2026-48746, CVSS 9.1) & Dependency Confusion (CVE-2026-54232) — Update to 0.22.1
AI, Security
vLLM, the go-to engine for self-hosting LLMs, has two critical flaws. CVE-2026-48746 (CVSS 9.1) lets attackers bypass the API key and use the AI API without authentication; CVE-2026-54232 (CVSS 8.8) is a Docker-build dependency confusion that runs code as root. Updating to 0.22.1 resolves both.
2026.06.23, 2 views
News Updated 3 days ago
Unauthenticated SSRF in Crawl4AI: CVE-2026-56266 (CVSS 8.6/9.2) — Update to 0.8.7
AI, Security
Crawl4AI, a popular crawler for AI data collection, has a critical flaw in its Docker API server, exploitable without authentication (CVE-2026-56266). An attacker can make the server fetch cloud internal data and steal access keys. All versions before 0.8.7 are affected; 0.8.7 also fixes several flaws including a pre-auth RCE. Update now.
2026.06.23, 5 views
News Updated 3 days ago
Critical Langflow Flaw CVE-2026-10561 (CVSS 10.0): Unauthenticated RCE — Update to 1.9.4 Now
AI, Security
Langflow, the popular low-code AI agent builder, has a maximum-severity flaw (CVSS 10.0, CVE-2026-10561). If exposed to the internet, an attacker can fully take over the server with no login required. Versions 1.0.0–1.9.3 are affected; update to 1.9.4 and cut off external access now.
2026.06.23, 3 views
News Updated 5 days ago
Unauthenticated takeover flaw in AI crawler Crawl4AI (CVE-2026-56265): update to 0.8.7
Security, Infrastructure, AI
A critical flaw lets attackers take over a server without logging in, found in Crawl4AI, the popular tool that feeds web pages into AI. Rated CVSS 9.8, the flaw stems from the self-hosted Docker edition shipping with the 'master key' used to verify users baked into the product, so anyone can impersonate an administrator. A fix, 0.8.7, is out; if you self-host, update urgently.
2026.06.22, 6 views
News Updated 6 days ago
Four new critical flaws in AI builder Flowise — CVE-2025-71338 is a perfect-10.0 RCE with no patch
AI, Development, Security
Four new critical flaws, including a perfect 10.0, hit Flowise, the popular no-code tool for building AI apps. The worst, CVE-2025-71338, lets an attacker write arbitrary files to the server with no login via a crafted file name and take over on restart — and it has no patch yet. Two are fixed in 3.0.6; two are not. We lay out the fixes and a version-by-version quick reference.
2026.06.21, 5 views
Lab Updated 4 days ago
Claude Code vs Codex: Only 1 of 17 Tries Fixed an Unseen Vulnerability
Security, AI, Development
We planted brand-new vulnerabilities that the models had never seen, cut off internet access so they could not look up the answer, and asked Claude Code and Codex to fix them. Across 17 runs, only one actually closed the real hole. Knowing the file was not enough, and a green test suite did not mean the bug was gone.
2026.06.19, 12 views
Roundup Updated 7 days ago
ChatGPT Ads in Japan: When They Started, the Cost, the Results, and Whether They Change Answers
Japanese Companies, Global Companies, AI
In June 2026, ChatGPT ads started in Japan, targeting the free and low-cost "Go" plans (paid Plus and Pro show none), with Dentsu and CyberAgent supporting placement. This guide covers when it began in Japan, what advertisers pay, how the ads have performed, and the user question of whether ads change the answers, from both the advertiser's and user's side.
2026.06.19, 19 views
News
mcp-pinot, the Bridge Between AI and Your Database, Lets Anyone In: CVE-2026-49257, Update to v3.1.0
Security, Development, AI
mcp-pinot, the component that connects AI assistants to an analytics database, was left reachable by anyone from the outside at its default settings. CVE-2026-49257 carries the maximum 10.0 severity. An attacker can read and write the database without authentication, risking a full takeover. No-auth holes keep surfacing in the 'MCP servers' that connect AI to external systems; affected v3.0.1 and earlier should be updated to v3.1.0 immediately.
2026.06.19, 8 views
News
Account Takeover Flaw in AI Agent Tool AutoGPT: CVE-2026-55237, Update to 0.6.62
AI, Development, Security
A vulnerability in AutoGPT, the well-known tool for building AI agents, can let an attacker hijack a user's account just by getting them to click a crafted link. Published June 18, 2026 as CVE-2026-55237 with a severity of 8.8 out of 10, it affects self-hosted installs. Updating to the latest version, 0.6.62, closes the hole.
2026.06.19, 5 views
News
Picklescan Can Be Bypassed: 8 Flaws Let Malicious AI Models Pass as Safe (CVE-2026-3490), Update to v1.0.4
AI, Security
Picklescan, the tool that detects dangerous code hidden in AI models, has eight flaws that let attackers slip past the scan. The most severe, CVE-2026-3490, scores a perfect 10.0. Even a model marked safe can hijack your PC or server the moment it loads, and since it runs behind hubs like Hugging Face, the impact is broad. Here is what to do, how to update to v1.0.4, and a safer model format.
2026.06.18, 8 views