Attack Type
Data Extraction
Data extraction attacks target AI/ML systems to exfiltrate training data, model weights, user conversations, or other sensitive information. These vulnerabilities are critical in multi-tenant AI deployments.
Total CVEs: 418. Pages: 21. Page 21 of 21.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-40217 | LiteLLM: RCE via bytecode rewriting in guardrails API | litellm | 8.8 |
| CRITICAL | GHSA-8x8f-54wf-vv92 | PraisonAI: auth bypass enables browser session hijack | PraisonAI | 9.1 |
| MEDIUM | GHSA-x783-xp3g-mqhp | PraisonAI: SQL injection via table_prefix exposes DB | PraisonAI | - |
| HIGH | CVE-2026-40114 | PraisonAI: unauthenticated SSRF via unvalidated webhook_url | PraisonAI | 7.2 |
| MEDIUM | GHSA-ffp3-3562-8cv3 | PraisonAI: tool approval bypass leaks env credentials | praisonaiagents | 5.5 |
| HIGH | CVE-2026-40160 | praisonaiagents: SSRF in web_crawl exposes cloud metadata | praisonaiagents | - |
| HIGH | GHSA-x462-jjpc-q4q4 | praisonaiagents: CORS bypass enables silent agent RCE | praisonaiagents | 8.1 |
| MEDIUM | CVE-2026-40159 | PraisonAI: MCP env inheritance exposes API keys | PraisonAI | 5.5 |
| HIGH | CVE-2026-40158 | PraisonAI: AST sandbox bypass enables host RCE | PraisonAI | 8.6 |
| MEDIUM | CVE-2026-40152 | praisonaiagents: glob traversal leaks filesystem metadata | praisonaiagents | 5.3 |
| HIGH | CVE-2026-40153 | praisonaiagents: env var expansion exposes production secrets | praisonaiagents | 7.4 |
| MEDIUM | CVE-2026-40151 | PraisonAI: unauthenticated agent config and system prompt disclosure | PraisonAI | 5.3 |
| MEDIUM | CVE-2026-35657 | openclaw: auth bypass exposes agent session history via HTTP | openclaw | - |
| CRITICAL | CVE-2026-1115 | lollms: Stored XSS enables wormable account takeover | lollms | 9.6 |
| MEDIUM | CVE-2026-40086 | rembg: path traversal exposes arbitrary files via HTTP API | rembg | 5.3 |
| MEDIUM | CVE-2026-6011 | OpenClaw: SSRF via web-fetch enables internal network pivot | openclaw | 5.6 |
| MEDIUM | CVE-2026-35646 | openclaw: webhook rate-limit bypass enables token brute-force | openclaw | - |
| HIGH | CVE-2026-35629 | openclaw: SSRF in channel extensions hits internal network | openclaw | - |
AI Threat Alert