Data Extraction
Data extraction attacks target the information processed or memorised by AI/ML systems. They take three main forms. First, training-data extraction: large language models can memorise verbatim spans of their training corpus, and an attacker who crafts the right prompts can pull back PII, API keys, or copyrighted text — a result demonstrated against GPT-2 by Carlini et al. and reproduced against several production models. Second, model extraction: by repeatedly querying a hosted model and observing outputs, an attacker can reconstruct enough behaviour to clone proprietary fine-tunes. Third, system-prompt and conversation leakage: indirect prompt injection or insecure logging can leak the application's instructions and other users' conversations. Multi-tenant inference platforms (vLLM, Triton, hosted APIs) and RAG systems are particularly exposed. Defenses: output filtering, differential privacy in training, rate limits, and strict tenant isolation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-46480 | Flowise: mass-assignment allows cross-workspace takeover | flowise | 8.8 |
| HIGH | CVE-2026-32981 | Ray Dashboard: unauthenticated path traversal file read | ray | 7.5 |
| MEDIUM | CVE-2026-20258 | Splunk: stored XSS hijacks dashboards via HTML panel | 5.4 | |
| MEDIUM | CVE-2026-46642 | draw.io: stored XSS executes JS via crafted diagram file | 6.1 | |
| HIGH | CVE-2026-42558 | Xibo CMS: Stored XSS + iframe sandbox escape via DataSet | 7.6 | |
| MEDIUM | CVE-2026-3341 | Langflow: SSRF exposes internal ML infrastructure | langflow | 5.4 |
| HIGH | CVE-2026-7787 | Langflow: IDOR bypasses auth, exposes sensitive AI configs | langflow | 8.1 |
| HIGH | CVE-2026-53811 | OpenClaw: privilege escalation via identity spoofing | openclaw | 8.8 |
| HIGH | CVE-2026-53812 | OpenClaw: SSRF bypasses private-network access controls | openclaw | 7.7 |
| HIGH | CVE-2026-53813 | OpenClaw: path traversal enables RCE via memory-core artifacts | openclaw | 7.8 |
| MEDIUM | CVE-2026-53815 | OpenClaw: auth bypass exposes restricted channel messages | openclaw | 6.5 |
| MEDIUM | CVE-2026-53818 | OpenClaw: MCP loopback auth bypass enables policy evasion | openclaw | 6.6 |
| MEDIUM | CVE-2026-10127 | Edimax BR-6478AC: RCE via rootAPmac command injection | 6.3 | |
| CRITICAL | CVE-2024-13152 | Mobuy Panel: SQLi allows unauthenticated DB takeover | Mobuy Online Machinery Monitoring Panel | 10.0 |
| CRITICAL | CVE-2024-13147 | B2B Login Panel: SQLi enables unauthenticated DB access | B2B Login Panel | 9.8 |
| MEDIUM | CVE-2026-10548 | hermes-agent: auth bypass exposes Anthropic API credentials | 5.3 | |
| MEDIUM | CVE-2024-11831 | serialize-javascript: XSS via regex in AI/ML dashboards | odh-kf-notebook-controller-rhel8 | 5.4 |
| CRITICAL | CVE-2024-6878 | Panel: file exposure enables sensitive ML data collection | Panel | - |
| CRITICAL | CVE-2024-5959 | Panel: Stored XSS enables session hijack in ML dashboards | Panel | - |
| CRITICAL | CVE-2024-5960 | Panel: plaintext credential storage enables domain compromise | Panel | 9.8 |