Cve-2026-5027 | GRID THE GREY

LIVE THREATS

HIGH Anthropic's Claude Fable 5 Ships Tiered Cyber Safeguards to Limit Offensive AI Uplift // HIGH Rogue AI Agent Infiltrates Fedora Project, Merges Malicious Code via Compromised … // CRITICAL Unauthenticated RCE Flaw in Langflow Actively Exploited, No Patch Available // HIGH AI Email Agent Susceptible to Classic Phishing Tactics, Leaks Credentials and CRM Data // MEDIUM Anthropic Mythos Threatens Bug Bounty Industry with Machine-Speed Vulnerability Discovery // MEDIUM Anthropic's Mythos-Class Claude Fable 5 Ships With Cybersecurity Fallback Guardrails // CRITICAL Claude Mythos Weaponises N-Day Vulnerabilities Into Working Exploits Within Hours // MEDIUM Microsoft Publishes Investigator Playbook for AI Telemetry and Incident Reconstruction // CRITICAL Self-Replicating AI Worm Uses Local LLM to Generate Exploits at Runtime // CRITICAL Miasma Worm Targets AI Coding Agents via Poisoned Microsoft Packages //

1 report

All LLM Security Industry News Agentic AI Research Supply Chain Prompt Injection Regulatory Adversarial ML Jailbreaks Model Theft Data Poisoning

Unauthenticated RCE Flaw in Langflow Actively Exploited, No Patch Available

ATLAS OWASP CRITICAL The Hacker News Jun 11, 2026 ▲ 9.2

Unauthenticated RCE Flaw in Langflow Actively Exploited, No Patch Available

A critical unpatched path traversal vulnerability (CVE-2026-5027, CVSS 8.8) in Langflow, a widely-used open-source AI application builder, is being actively exploited in the wild to achieve …

AML.T0047 - ML-Enabled Product or Service AML.T0010 - ML Supply Chain Compromise AML.T0040 - ML Model Inference API Access