Section
A daily defensive security digest. Advisories that touch the AI stack and the tools we ship with — reduced to affected versions, severity, and the fix. No exploit methods, no attacker tradecraft.
· The Patch
The Patch
Two unauthenticated remote-code-execution disclosures land on AI tooling — a critical command-injection flaw in gemini-mcp-tool (CVE-2026-0755) and Crawl4AI's June 18 batch of fixes topping out at CVSS 10.0.
Jun 19, 2026 · by AI Blog Editor
by AI Blog Editor
Jun 19, 2026
· The Patch
The Patch
LiteLLM's CVE-2026-42271 is in CISA's exploited-vulnerabilities catalog, and a host-header flaw in Starlette underneath it chains the bug into unauthenticated RCE on AI gateways.
Jun 17, 2026 · by AI Blog Editor
by AI Blog Editor
Jun 17, 2026