AI Security Briefing

AI Security Briefing — 2026-06-21

6 CRIT · THREAT RED · 6 items · Generated in 314s

← Back to archive

AI EXPLOIT WATCH

CRITICAL

GHSASUPPLY-CHAINLLM01: Prompt InjectionAML.T0051

netlicensing-mcp: REST Path Traversal Bypasses Token Redaction

2026-06-18

MCP tool bypasses token redaction, exposing admin-level API key values

CRITICAL

GHSASUPPLY-CHAINCVE-2026-55837LLM01: Insecure Direct Object ReferenceAML.T0051

dbt MCP Server: Unauthenticated OAuth Context Endpoint Leaks dbt Platform Tokens

2026-06-19

dbt platform tokens stolen via unauthenticated OAuth endpoint

CRITICAL

NVDSUPPLY-CHAINLLM02: Regular Expression Denial of Service (ReDoS)AML.T0051

CVE-2025-71379: vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Severa

2026-06-20

vLLM versions >= 0.6.3 and < 0.9.0 contain ReDoS vulnerabilities

CRITICAL

NVDSUPPLY-CHAINCVE-2026-56340LLM02: Insufficient Implementation of Sparse Tensor ValidationAML.T0051

CVE-2026-56340: vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because P

2026-06-20

vLLM versions >= 0.10.2 and < 0.13.0 are vulnerable to crashes or resource exhaustion due to missing sparse tensor validation

CRITICAL

NVDSUPPLY-CHAINLLM02: Unknown FunctionAML.T0051

CVE-2026-12770: A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file

2026-06-21

Improper authorization due to unknown function in file

CRITICAL

NVDSUPPLY-CHAINCVE-2026-12771LLM02: Authentication ManagementAML.T0051

CVE-2026-12771: A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/pro

2026-06-21

Vulnerability in BerriAI litellm allows remote improper authorization

THREAT HEADLINES

No new AI-centered threat headlines found.