AI Threat Alert
Attack Type
Data Extraction
Data extraction attacks target AI/ML systems to exfiltrate training data, model weights, user conversations, or other sensitive information. These vulnerabilities are critical in multi-tenant AI deployments.
418
Total CVEs
21
Pages
Page 20 of 21
Current
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-39411 | LobeChat: auth bypass via forged XOR obfuscated header | @lobehub/lobehub | 5.0 |
| MEDIUM | GHSA-766v-q9x3-g744 | praisonaiagents: agent context leak + path traversal | praisonaiagents | 6.5 |
| HIGH | CVE-2026-39891 | praisonai: SSTI enables RCE via agent instructions | praisonai | 8.8 |
| HIGH | CVE-2026-39889 | PraisonAI: unauth A2U stream leaks all agent activity | praisonai | 7.5 |
| HIGH | GHSA-4ggg-h7ph-26qr | n8n-mcp: authenticated SSRF leaks cloud metadata | n8n-mcp | 8.5 |
| MEDIUM | CVE-2026-5803 | openai-realtime-ui: SSRF in API proxy endpoint | 6.3 | |
| MEDIUM | GHSA-926x-3r5x-gfhw | LangChain: f-string template injection exposes object internals | langchain-core | 5.3 |
| MEDIUM | CVE-2026-1163 | lollms: sessions persist after password reset | lollms | 4.1 |
| HIGH | CVE-2026-39974 | n8n-MCP: SSRF exposes cloud metadata via MCP headers | 8.5 | |
| HIGH | GHSA-qx8j-g322-qj6m | OpenClaw: unsafe body replay on cross-origin redirect | openclaw | - |
| MEDIUM | GHSA-w8g9-x8gx-crmm | OpenClaw: SSRF bypass via Playwright redirect handling | openclaw | - |
| MEDIUM | GHSA-vr5g-mmx7-h897 | OpenClaw: SSRF bypass via interaction-triggered navigation | openclaw | - |
| LOW | GHSA-5fc7-f62m-8983 | OpenClaw: local file read bypasses workspace policy | openclaw | - |
| MEDIUM | GHSA-3fv3-6p2v-gxwj | openclaw: SSRF bypass in QQ Bot media fetch paths | openclaw | - |
| MEDIUM | GHSA-qqq7-4hxc-x63c | openclaw: local file exfiltration via trusted MEDIA refs | openclaw | - |
| MEDIUM | CVE-2026-40087 | LangChain: template injection leaks object attributes | langchain-core | 5.3 |
| LOW | GHSA-cm8v-2vh9-cxf3 | openclaw: git env var injection enables host redirect | openclaw | - |
| MEDIUM | CVE-2026-40112 | PraisonAI: XSS via no-op HTML sanitizer in agent output | praisonai | 5.4 |
| MEDIUM | CVE-2026-40117 | PraisonAI: arbitrary file read via unguarded skill tool | praisonaiagents | 6.2 |
| HIGH | CVE-2026-40150 | PraisonAIAgents: SSRF exposes cloud metadata via web_crawl | praisonaiagents | 7.7 |