Anthropic's coordinated vulnerability disclosure dashboard

Last updated 2026-05-22 10:27 PT.

In February 2026, Anthropic began using an early snapshot of Claude Mythos Preview to find security vulnerabilities in open-source software. We then partnered with external security research firms to triage findings, validate them, and report human-reviewed critical- or high-severity vulnerabilities to the software's maintainers under our Coordinated Vulnerability Disclosure policy. This page tracks the findings that we've disclosed, and, in line with our policy, publishes details of the ones whose disclosure window has now closed.

As of May 22, 2026, we've disclosed 1,596 vulnerabilities across 281 open source projects. To our knowledge, 97 of these have been patched. Of those, 88 have been assigned a Common Vulnerabilities and Exposures (CVE) record or a GitHub Security Advisory (GHSA). In other cases, maintainers have shipped a fix without publishing an advisory. The number of vulnerabilities we've disclosed is a subset of the total number that Mythos Preview has found, since independent human triage and review is the rate-limiting step.

This page covers a headline count of the vulnerabilities we've disclosed, and a breakdown of these by class. For those vulnerabilities we've disclosed and where the disclosure window has now closed, it also includes identifier records (CVE & GHSA) and finding details, further below.

Finally, it includes a disclosure ledger, which lists a hash commitment for every finding we've disclosed that is still inside the disclosure window, so that the finding's existence and commitment date can be proved without revealing its content.

Counts as of May 22, 2026:

Discovered
  23,019 findings   Candidates
Triaged
  1,900 findings    Reviewed by external security firms
  1,726 findings    Confirmed valid (90.8% true positives of 1,900)
  467 findings      Reported to maintainers
  1,129 findings    Reported direct to maintainers by Anthropic, at their request (may contain false positives)
Disclosed
  1,596 findings    Total reported to maintainers
  1,451 findings    Acknowledged by maintainer
Remediated
  97 findings       Patched upstream
  88 advisories     Security advisories published

The statistics above reflect all bugs found by Claude Mythos Preview. In the near future, we'll add the ability to filter this data by severity. These figures are designed to reflect our coordinated vulnerability disclosure process, which works approximately as follows. A glossary of the terms is available on the About page.

First, Mythos Preview finds candidate vulnerabilities, which we add to a list for human triage. This is the figure at the top.

Then, in order to disclose a vulnerability to a maintainer, we take one of two steps.

Triage: In most cases, we pass them to one of six external security research firms that we have engaged for this endeavor, or we triage them ourselves. We or the security research firms reproduce each issue, assess whether it is a real bug (and if so, assess how severe it is), and then write a report for confirmed bugs that will go to the project's maintainer. Importantly, there are many additional bugs that we or our security partners have investigated and confirmed are real but that we have not yet reported to maintainers, due to capacity limitations.

In our triage process, the "true positive rate" (the number of findings confirmed as valid, as a share of the number of findings manually reviewed) reflects how often the external security research firms determined that a finding Mythos Preview produced was a real vulnerability. This includes real bugs that we later discover have already been reported, and "won't fix" findings (the bug is real, but the maintainer is unlikely to address it—e.g. because it falls outside the project's threat model, or affects code that isn't typically reachable). We include these in the true positive rate because we're reliant on our security research partners (rather than maintainers) to tell us how many bugs they've confirmed, and it's only after the maintainers have received the report and assessed the vulnerability that we'll learn whether a vulnerability is one they plan to fix. For this reason, it's also possible that a vendor has marked a vulnerability as a true positive (or a false positive) in error. Given this, the number of "true positives" in the dashboard above should only be taken as one proxy for impact. Another, more reliable one is the number of patches created, though this is only a lagging indicator of progress, since patches take a long time to create.

Direct disclosure: Some vulnerabilities are disclosed to maintainers directly by Anthropic staff, and don't go through the same independent check. This happens when maintainers specifically request that we provide them un-triaged findings.

Once bugs have either been triaged or directly disclosed, "Acknowledged by maintainer" counts all bugs whose reports maintainers have responded to. "Patched upstream" reflects the number of those vulnerabilities that maintainers have since created and released fixes for, though this does not guarantee that those patches have been widely installed. Finally, "Security advisories published" counts only those patched vulnerabilities that have since been issued either a Common Vulnerabilities and Exposures (CVE) record or a GitHub Security Advisory (GHSA). Some advisories are now public, and we list them out further down on this page. We leave whether to create a security advisory up to the discretion of maintainers.

See About for more information.

DISCLOSURE LEDGER

Once a finding has been validated by one of our external security research firms, a SHA-3-512 hash of the sealed report is published immediately as proof of possession. Status is shown once the maintainer has been notified; the identifier, project, and bug class are revealed only when the disclosure window closes. Committed entries that have not yet reached the maintainer show only the hash and commitment date.

The full ledger contains 1,611 entries; ten are shown below.

Date committed   Hash / identifier    Project      Bug class    Status
2026-05-20       c61fd338d6d28d96…    (withheld)   (withheld)   disclosed
2026-05-20       0944ac2cbe1e523c…    (withheld)   (withheld)   disclosed
2026-05-20       591324cb1c3c0bb4…    (withheld)   (withheld)   disclosed
2026-05-20       318f8c3596ed2be4…    (withheld)   (withheld)   disclosed
2026-05-20       813f7ef1002578f2…    (withheld)   (withheld)   disclosed
2026-05-20       d0ef674136a61356…    (withheld)   (withheld)   disclosed
2026-05-20       d9fb2084babdb6a2…    (withheld)   (withheld)   disclosed
2026-05-20       26ff1b26e4a5ed40…    (withheld)   (withheld)   disclosed
2026-05-20       3fb73aaa1cc702f0…    (withheld)   (withheld)   disclosed
2026-05-20       5477600813df2935…    (withheld)   (withheld)   disclosed
CVEs

Common Vulnerabilities and Exposures records assigned to findings disclosed through this program. The records below are publicly available. The remainder are reserved, pending publication by the assigning authority.

CVE-2026-27654 nginx (two findings)
  nginx · heap-buffer-overflow · high · ANT-2026-HY56VRSB Heap buffer overflow in DAV COPY/MOVE with alias directive. Destination URI shorter than alias length causes size_t underflow in ngx_http_map_uri_to_path buffer calculation, then ngx_copy overflows th
  nginx · arbitrary-file-write · critical · ANT-2026-VS18SA90 unauthenticated remote file write in nginx WebDAV module
CVE-2026-32316 jq · heap-buffer-overflow · medium · ANT-2026-EBDTPNVH Integer overflow in string concatenation leading to 1 GB memcpy heap buffer overflow
CVE-2026-33721 MapServer · heap-buffer-overflow · medium · ANT-2026-9SZMPW41 Heap buffer overflow in SLD categorize threshold parsing due to wrong counter variable in reallocation guard
CVE-2026-5199 temporalio/temporal · broken-access-control · critical · ANT-2026-DJBBBBPE Cross-namespace manipulation (including deletion) of workflows on the same cluster
CVE-2026-5446 wolfSSL · crypto-failure · high · ANT-2026-SB4PHA43 ARIA-GCM Nonce Reuse in TLS 1.2 Record Encryption in wolfSSL
CVE-2026-5447 wolfSSL · heap-buffer-overflow · medium · ANT-2026-VV0PRKKV
CVE-2026-5448 wolfSSL · heap-buffer-overflow · medium · ANT-2026-6615Y595 Final Assessment: 2-Byte Heap Overflow in wolfSSL_X509_notAfter / wolfSSL_X509_notBefore
CVE-2026-5466 wolfSSL · signature-bypass · high · ANT-2026-KNXJMVYC eccsi universal signature forgery via r 0 s 0 missing s
CVE-2026-5477 wolfSSL · integer-overflow · high · ANT-2026-ZZY4987K cmac 32 bit totalsz wraparound prefix substitution forg
CVE-2026-5479 wolfSSL · crypto-failure · high · ANT-2026-RSSMAMA7 wolfssl evp chacha20 poly1305 poly1305 tag never verifi
CVE-2026-5500 wolfSSL · crypto-failure · high · ANT-2026-P23DVQM2 cms authenvelopeddata aead forgery via gcm tag truncati
CVE-2026-5501 wolfSSL · improper-cert-validation · high · ANT-2026-K8YY7WWS wolfssl x509 verify cert leaf signature verification by
CVE-2026-5503 wolfSSL · heap-buffer-overflow · high · ANT-2026-0JRYQPCF wolfssl ech heap buffer overflow via publicname sni pol
CVE-2026-7474 nomad · path-traversal · critical · ANT-2026-CN7KX43N nomad: path-traversal at client/hostvolumemanager/host_volume_plugin.go:229
GHSAs

GitHub Security Advisory records assigned to findings disclosed through this program. The records below are publicly available. The remainder are reserved, pending publication by the assigning authority.

GHSA-9f49-8x56-jmjc libyang · use-after-free · medium · ANT-2026-TZQ1KH7E Heap use-after-free write in metadata list management during XML data parsing due to incorrect list head pointer update
GHSA-cc7p-2j3x-x7xf CraftCMS · privilege-escalation · high · ANT-2026-ZQ8AY22X Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken()
GHSA-chgx-jx3p-rf73 mastodon · signature-bypass · high · ANT-2026-P2DWB2SK LD-Signature bypass via JSON-LD named-graph restructuring
GHSA-crr4-7rm4-8gpw mastodon · ssrf · high · ANT-2026-6DSMTXZ8 SSRF Bypass via IPv6 Unspecified Address (`::`) in Mastodon
GHSA-f26g-jm89-4g65 GitoxideLabs/gitoxide · rce · high · ANT-2026-6SNS6KMP RCE when updating a Git submodule of a malicious repository
GHSA-j273-m5qq-6825 junrar · path-traversal · medium · ANT-2026-9VJ9JJXQ Arbitrary file write due to backslash path traversal
GHSA-mpxh-8fq3-x8mh, GHSA-mvpx-xj7r-3p3r, GHSA-p6r2-4hgm-m6ff freerdp (each advisory is listed against the same three findings)
  freerdp · heap-buffer-overflow · high · ANT-2026-H97FY6C8 Heap-buffer-overflow in cliprdr_main.c:547
  freerdp · heap-buffer-overflow · medium · ANT-2026-HN9XZXJ9 heap-buffer-overflow write (attacker-controlled offset, partially-controlled data via rle delta values; up to ~15kb overwrite past ptempdata with these parameters, further with larger nxdst) in planar.c:472
  freerdp · heap-buffer-overflow · high · ANT-2026-RXYVE4DZ Heap-buffer-overflow in sanitizer_common_interceptors.inc:827
GHSA-w52v-v783-gw97 TryGhost/Ghost · sql-injection · critical · ANT-2026-H5T8XKWR SQL injection in Content API
GHSA-x9h5-r9v2-vcww ImageMagick · heap-buffer-overflow · high · ANT-2026-T44WA684 Heap buffer overflow in MVG pattern rendering via CopyMagickString without bounds check
GHSA-xh8f-g2qw-gcm7 minio · path-traversal · medium · ANT-2026-BRQZSDGZ minio: path-traversal at cmd/xl-storage.go:3194-3218 (sink); cmd/storage-rest-server.go:1287-1326 (handler)
SEVERITY AGREEMENT

This graph compares Claude's initial severity assessments against the external security research firms' assessments, for those findings that have completed triage. Cells on the diagonal indicate agreement. The number assessed here represents the subset of vulnerabilities included on our disclosure ledger that were reviewed by our security partners, rather than disclosed by us directly.

Claude-assessed (rows) against external security research firm-assessed (columns), n = 463:

                     critical   high   medium   low
Claude: critical           23    145        5    19
Claude: high                2    180       13     2
Claude: medium              0      3       52     2
Claude: low                 0      0        0    17

58.7% exact agreement (the diagonal), 94.4% within one band.

Anthropic's severity assessments are produced before any maintainer input. Project maintainers often apply project-specific severity rules that Claude does not have access to at run time, so what one maintainer rates as critical another may rate as low. The external security research firms incorporate that context, which is why their assessments tend to be lower.

PROVENANCE

This snapshot was generated on 2026-05-22 10:27 PT. The manifest hash below is the SHA-3-512 hash of the structured payload and is republished with every dated snapshot so any figure on this page can be verified against the machine-readable record.

Revision 1 · checksum b7a0c5362f95291c017a1a208ae5d9ca3f44f7f0560ca3553ec88d46636999aafcf4ebbbe4fd344703e36dc33d492a58a1c965b8198801d5775e4d85f69ff8e4
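The ledger section above describes a commit-then-reveal scheme (a SHA-3-512 hash of each sealed report is published at commitment time and the report is revealed only after the disclosure window closes), and the provenance section describes a SHA-3-512 checksum over the snapshot's machine-readable payload. The following is an added example, not Anthropic's code, of how a third party would verify a revealed report against a ledger entry and a payload against its published checksum. The ledger field names, the 16-hex-character display prefix, the canonical JSON serialization of the payload, and all sample reports and figures below are assumptions constructed for the example.

```python
"""Commit-then-reveal verification for a hash-based disclosure ledger.

Added example, not Anthropic's code. Models the scheme the page describes:
a SHA-3-512 digest of each sealed report is published when the finding is
committed; the report is revealed later and checked against that digest.
The same check covers the snapshot manifest checksum. Field names, the
display prefix length and every sample value are assumptions.
"""
import hashlib
import hmac
import json

DISPLAY_PREFIX_HEX = 16  # assumed: the ledger table shows a 16-hex-char prefix plus "…"


def commit(sealed_report: bytes) -> str:
    """Return the commitment: the full SHA-3-512 hex digest (128 hex chars)."""
    return hashlib.sha3_512(sealed_report).hexdigest()


def display_form(full_hex: str) -> str:
    """Truncated form as it appears in the ledger table."""
    return full_hex[:DISPLAY_PREFIX_HEX] + "\u2026"


def verify_reveal(sealed_report: bytes, entry: dict) -> bool:
    """Check a revealed report against one ledger entry.

    Compare the full digest, never the truncated display form: a 64-bit
    prefix is enough to look an entry up but is not what a verifier should
    accept as proof that this exact report was committed on that date.
    """
    return hmac.compare_digest(commit(sealed_report), entry["sha3_512"])


def find_entry(ledger: list, sealed_report: bytes):
    """Locate the entry for a revealed report by display prefix, then verify it.

    Returns the matching entry, or None if no entry's full digest matches
    (a tampered or substituted report yields None).
    """
    full = commit(sealed_report)
    prefix = display_form(full)
    for entry in ledger:
        if entry["display"] == prefix and verify_reveal(sealed_report, entry):
            return entry
    return None


def verify_manifest(payload: bytes, published_checksum: str) -> bool:
    """Check a machine-readable snapshot payload against its published SHA-3-512 checksum."""
    return hmac.compare_digest(commit(payload), published_checksum)


def build_ledger(reports, date_committed: str) -> list:
    """Build ledger entries the way the dashboard describes: digest and date only."""
    ledger = []
    for report in reports:
        full = commit(report)
        ledger.append({
            "date_committed": date_committed,
            "sha3_512": full,
            "display": display_form(full),
            "status": "committed",  # project and bug class withheld until the window closes
        })
    return ledger


# Constructed sample data (not real findings): two sealed reports and a snapshot payload.
# Each sealed report carries a random nonce so a guessable report body cannot be
# confirmed by hashing candidates (a general commitment-scheme practice, assumed here).
REPORT_A = b"ANT-2026-SAMPLE01\nproject: example-lib\nclass: heap-buffer-overflow\nnonce: 9f3c1a7e4b20d6f1\n"
REPORT_B = b"ANT-2026-SAMPLE02\nproject: example-svc\nclass: path-traversal\nnonce: 71be0c5d8a94e23f\n"
LEDGER = build_ledger([REPORT_A, REPORT_B], "2026-05-20")

# Canonical serialization (sorted keys, no whitespace) so verifier and publisher hash
# identical bytes; the figures are the page's headline counts, the key names are assumed.
MANIFEST_PAYLOAD = json.dumps(
    {"disclosed": 1596, "projects": 281, "patched": 97, "advisories": 88},
    sort_keys=True, separators=(",", ":"),
).encode()
MANIFEST_CHECKSUM = commit(MANIFEST_PAYLOAD)  # what a dashboard would publish


if __name__ == "__main__":
    for e in LEDGER:
        print(e["date_committed"], e["display"], e["status"])
    print("report A verifies:", find_entry(LEDGER, REPORT_A) is LEDGER[0])
    print("tampered A verifies:", find_entry(LEDGER, REPORT_A + b"x") is not None)
    print("manifest verifies:", verify_manifest(MANIFEST_PAYLOAD, MANIFEST_CHECKSUM))
```

Two points a verifier should keep in mind: the truncated hash in the table is a lookup key, so the full 128-hex-character digest from the complete ledger is what a reveal must be checked against; and the manifest check only works if the payload is serialized to exactly the bytes that were hashed, which is why the example fixes a canonical encoding (an assumption here, since the page does not describe its payload format).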