Compiled over the past few weeks. Covers four streams: Adversarial ML, Agent Security, Supply Chain, and Prompt Injection.
Highlights by severity:
**CRITICAL (9 advisories)**
- ML model scanner universal blocklist bypass -- the scanner HuggingFace Hub relies on for model upload safety can be completely bypassed via stdlib modules. CVSS 10.0.
- Flowise 6-vuln cluster (CVE-2026-30820 through CVE-2026-31829) -- missing auth, file upload, IDOR, mass assignment, SSRF. CVSS 9.8.
- MLflow auth bypass chained to RCE via artifact path traversal (CVE-2026-2635 + CVE-2026-2033). Default install ships with hardcoded credentials. CVSS 9.8.
- vLLM RCE via video processing pipeline (CVE-2026-22778) -- heap overflow to ASLR bypass, unauthenticated. CVSS 9.8.
- Agenta LLMOps sandbox escape + SSTI (CVE-2026-27952, CVE-2026-27961). CVSS 9.9.
- claude-code-ui triple command injection (CVE-2026-31975, CVE-2026-31862, CVE-2026-31861). CVSS 9.8.
**Notable HIGH/MEDIUM**
- LangGraph checkpoint unsafe msgpack deserialization (CVE-2026-28277) + Redis query injection (CVE-2026-27022)
- PyTorch weights_only unpickler memory corruption (CVE-2026-24747) -- defeats the mitigation everyone recommends
- MCP server vulnerabilities across mcp-server-git, mcp-atlassian, WeKnora
- First documented in-the-wild indirect prompt injection against production AI agents (Unit 42 research)
Each advisory includes full attack chain analysis, MITRE ATLAS mapping where applicable, and Sigma detection rules you can deploy. 94 rules total across the 22 advisories.
Article source: https://www.reddit.com/r/netsec/comments/1rya1ep/22_security_advisories_covering_aiml/