Data Extraction
Data extraction attacks target the information processed or memorised by AI/ML systems. They take three main forms. First, training-data extraction: large language models can memorise verbatim spans of their training corpus, and an attacker who crafts the right prompts can pull back PII, API keys, or copyrighted text — a result demonstrated against GPT-2 by Carlini et al. and reproduced against several production models. Second, model extraction: by repeatedly querying a hosted model and observing outputs, an attacker can reconstruct enough behaviour to clone proprietary fine-tunes. Third, system-prompt and conversation leakage: indirect prompt injection or insecure logging can leak the application's instructions and other users' conversations. Multi-tenant inference platforms (vLLM, Triton, hosted APIs) and RAG systems are particularly exposed. Defenses: output filtering, differential privacy in training, rate limits, and strict tenant isolation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-54293 | NLTK: path traversal leaks arbitrary local files | nltk | 7.5 |
| MEDIUM | GHSA-534h-c3cw-v3h9 | Nuxt: local unauth IPC leaks .env secrets on shared hosts | nuxt | 5.5 |
| CRITICAL | CVE-2026-48746 | vllm: auth bypass exposes OpenAI inference API | vllm | 9.1 |
| MEDIUM | CVE-2026-48520 | Langflow: unauth file read via Shareable Playground | langflow | 6.1 |
| HIGH | CVE-2026-33760 | Langflow: IDOR exposes cross-user LLM data and deletion | langflow | 8.8 |
| UNKNOWN | CVE-2026-54311 | n8n: prototype pollution leaks cross-user workflow data | n8n | - |
| HIGH | CVE-2026-54301 | n8n: XSS via CSP bypass steals user sessions | n8n | - |
| MEDIUM | CVE-2026-54308 | n8n: unauthed webhook bypass hijacks AI agent workflows | n8n | - |
| UNKNOWN | CVE-2026-54310 | n8n: SQL injection in Postgres nodes, CVSS 9.9 | n8n | - |
| UNKNOWN | CVE-2026-49465 | n8n: Git node path traversal bypasses file sandbox | n8n | - |
| UNKNOWN | CVE-2026-49444 | n8n: Python sandbox escape enables container RCE | n8n | - |
| HIGH | CVE-2026-53840 | OpenClaw: credential exfiltration via MCP header forwarding | openclaw | 7.1 |
| MEDIUM | CVE-2026-53844 | OpenClaw: auth bypass exposes cross-session agent memory | openclaw | 6.5 |
| MEDIUM | CVE-2026-53845 | OpenClaw: hook bypass enables audit/policy evasion | openclaw | 4.3 |
| MEDIUM | CVE-2026-53852 | OpenClaw: scope bypass allows unauthorized device access | openclaw | 5.4 |
| MEDIUM | CVE-2026-53856 | OpenClaw: insecure permissions expose agent config | openclaw | 5.5 |
| MEDIUM | CVE-2026-53859 | OpenClaw: SSRF blocklist bypass via trailing-dot | openclaw | 6.5 |
| MEDIUM | CVE-2026-53862 | OpenClaw: bootstrap token replay enables scope escalation | openclaw | 4.2 |
| HIGH | CVE-2026-53864 | OpenClaw: env var bypass enables child process code exec | openclaw | 8.1 |
| CRITICAL | CVE-2026-49468 | LiteLLM: auth bypass via Host header spoofing | litellm | 8.1 |