AI Security Briefing

CRITICAL

NVDSUPPLY-CHAINLLM02: Image ProcessingAML.T0051

CVE-2026-12491: A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from impr

2026-06-17

vulnerability in vLLM library could affect data integrity

CRITICAL

GHSASUPPLY-CHAINLLM02: Image ProcessingAML.T0051

Duplicate Advisory: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

2026-06-17

Improper handling of image metadata can lead to model misinterpretation and data integrity issues

CRITICAL

GHSASUPPLY-CHAINCVE-2026-54006LLM02: Broken AuthenticationAML.T0051

Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar

2026-06-17

allows writing events into another user

CRITICAL

GHSASUPPLY-CHAINCVE-2026-54233LLM02: Uncontrolled Resource UtilizationAML.T0051

vLLM: OOM Denial of Service via Audio Decompression Bomb

2026-06-17

vLLM's audio decoder can exhaust server memory with a small number of concurrent requests, leading to a denial-of-service attack.

CRITICAL

GHSASUPPLY-CHAINCVE-2026-53923LLM01: Prompt InjectionAML.T0051

vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

2026-06-17

uninitialized GPU memory in multi-tenant serving exposes information disclosure

CRITICAL

GHSASUPPLY-CHAINCVE-2026-12491LLM01: Prompt InjectionAML.T0051

vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

2026-06-17

Failing to normalize EXIF orientation and PNG tRNS transparency can introduce interpretation bias and distort input content.

CRITICAL

GHSASUPPLY-CHAINCVE-2026-54235LLM02: Invalid Data ControlAML.T0051

vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

2026-06-17

Crashing inference worker on GPU kernel execution with NaN/Inf softmax input, degrading service for all concurrent users.

CRITICAL

GHSASUPPLY-CHAINCVE-2026-53765LLM01: Prompt InjectionAML.T0051

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

2026-06-17

allows local low-privilege user to pre-create symlink to file writable by victim, truncating target file to daemon PID string

CRITICAL

GHSASUPPLY-CHAINLLM01: Prompt InjectionAML.T0051

netlicensing-mcp: REST Path Traversal Bypasses Token Redaction

2026-06-18

MCP tool bypasses token redaction, exposing admin-level API key values

CRITICAL

GHSASUPPLY-CHAINCVE-2023-1234LLM01: Transport Layer Security MisconfigurationAML.T0051

PraisonAI: MCP SSE transport binds 0.0.0.0 with no authentication and no Origin validation; bundled SecurityConfig is never wired in

2026-06-18

No authentication or origin validation on MCP SSE transport, allowing host-based attacks

CRITICAL

GHSASUPPLY-CHAINCVE-2026-0755LLM02: Untrusted Input ValidationAML.T0051

gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)

2026-06-18

vulnerable to OS command injection and @file exfiltration via prompt quoting

HIGH

GHSASUPPLY-CHAINLLM02: Custom Header ExposureAML.T0051

Duplicate Advisory: MCP Streamable HTTP redirects could forward configured custom headers to another origin

2026-06-16

MCP Streamable HTTP redirects could forward configured custom headers to another origin, potentially exfiltrating sensitive headers

HIGH

GHSASUPPLY-CHAINLLM02: Custom Header InjectionAML.T0051

OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin

2026-06-17

Custom headers could be sent to the redirect target, exposing credential scope

MEDIUM

GHSASUPPLY-CHAINCVE-2026-22778LLM02: Broken DependencyAML.T0051

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router

2026-06-17

incomplete fix for CVE-2026-22778 allows heap address leakage

PGNetworks

AI Security Briefing — 2026-06-19

CVE-2026-12491: A flaw was found in vLLM, an open-source library for large language model inference. This vulnerability arises from impr

Duplicate Advisory: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

Open WebUI IDOR: Calendar event re-parenting allows writing events into another user's calendar

vLLM: OOM Denial of Service via Audio Decompression Bomb

vLLM: GGUF dequantize kernel int truncation exposes uninitialized GPU memory in multi-tenant serving

vLLM: image EXIF Rotation & PNG tRNS Transparency Not Normalized, Causing Mismatch Between Model Input and Expectations

vLLM: temperature=NaN and temperature=Infinity bypass validation and propagate to GPU kernels

Chrome DevTools for agents: daemon.pid write follows symlinks in /tmp fallback runtime directory

netlicensing-mcp: REST Path Traversal Bypasses Token Redaction

PraisonAI: MCP SSE transport binds 0.0.0.0 with no authentication and no Origin validation; bundled SecurityConfig is never wired in

gemini-mcp-tool vulnerable to OS command injection and @file exfiltration via prompt quoting (CVE-2026-0755)

Duplicate Advisory: MCP Streamable HTTP redirects could forward configured custom headers to another origin

OpenClaw: MCP Streamable HTTP redirects could forward configured custom headers to another origin

vLLM: incomplete CVE-2026-22778 fix leaks PIL repr addresses via Anthropic router