Data Extraction
Data extraction attacks target the information processed or memorised by AI/ML systems. They take three main forms. First, training-data extraction: large language models can memorise verbatim spans of their training corpus, and an attacker who crafts the right prompts can pull back PII, API keys, or copyrighted text — a result demonstrated against GPT-2 by Carlini et al. and reproduced against several production models. Second, model extraction: by repeatedly querying a hosted model and observing outputs, an attacker can reconstruct enough behaviour to clone proprietary fine-tunes. Third, system-prompt and conversation leakage: indirect prompt injection or insecure logging can leak the application's instructions and other users' conversations. Multi-tenant inference platforms (vLLM, Triton, hosted APIs) and RAG systems are particularly exposed. Defenses: output filtering, differential privacy in training, rate limits, and strict tenant isolation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-26286 | sillytavern: SSRF allows internal network access | 8.5 | |
| MEDIUM | CVE-2024-5206 | scikit-learn: TfidfVectorizer leaks training data tokens | scikit-learn | 4.7 |
| MEDIUM | CVE-2025-12058 | Keras: safe_mode bypass enables file read and SSRF | keras | - |
| HIGH | CVE-2026-1669 | keras: File Control enables path manipulation | keras | 7.5 |
| CRITICAL | CVE-2025-32375 | BentoML: RCE via insecure deserialization in runner | bentoml | 9.8 |
| CRITICAL | CVE-2025-54381 | BentoML: unauthenticated SSRF via file upload URLs | bentoml | 9.9 |
| MEDIUM | CVE-2026-24123 | bentoml: Path Traversal enables file access | bentoml | 6.5 |
| MEDIUM | CVE-2023-27562 | n8n: path traversal allows arbitrary file read | n8n | 6.5 |
| HIGH | CVE-2023-27563 | n8n: privilege escalation exposes full workflow admin | n8n | 8.8 |
| HIGH | CVE-2023-27564 | n8n: unauthenticated info disclosure exposes credentials | n8n | 7.5 |
| MEDIUM | CVE-2025-57749 | n8n: symlink traversal enables arbitrary file read/write | n8n | 6.5 |
| CRITICAL | CVE-2025-55526 | n8n-workflows: path traversal in download_workflow endpoint | fastapi | 9.1 |
| HIGH | CVE-2025-56265 | n8n: unrestricted file upload RCE via Chat Trigger | n8n | 8.8 |
| HIGH | CVE-2025-62726 | n8n: security flaw enables exploitation | n8n | 8.8 |
| HIGH | CVE-2025-68613 | n8n: security flaw enables exploitation | n8n | 8.8 |
| MEDIUM | CVE-2025-61914 | n8n: XSS enables session hijacking | n8n | 5.4 |
| MEDIUM | CVE-2025-68697 | n8n: security flaw enables exploitation | n8n | 5.4 |
| CRITICAL | CVE-2026-21858 | n8n: Input Validation flaw enables exploitation | n8n | 10.0 |
| CRITICAL | CVE-2026-0863 | n8n: Code Injection enables RCE | n8n | 9.9 |
| CRITICAL | CVE-2026-1470 | n8n: Code Injection enables RCE | n8n | 9.9 |