Data Extraction
Data extraction attacks target the information processed or memorised by AI/ML systems. They take three main forms. First, training-data extraction: large language models can memorise verbatim spans of their training corpus, and an attacker who crafts the right prompts can pull back PII, API keys, or copyrighted text — a result demonstrated against GPT-2 by Carlini et al. and reproduced against several production models. Second, model extraction: by repeatedly querying a hosted model and observing outputs, an attacker can reconstruct enough behaviour to clone proprietary fine-tunes. Third, system-prompt and conversation leakage: indirect prompt injection or insecure logging can leak the application's instructions and other users' conversations. Multi-tenant inference platforms (vLLM, Triton, hosted APIs) and RAG systems are particularly exposed. Defenses: output filtering, differential privacy in training, rate limits, and strict tenant isolation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-54352 | Budibase: zip symlink bypass exposes all server secrets | @budibase/server | 9.6 |
| HIGH | CVE-2026-50132 | Budibase: account hijack via chat identity CSRF | 7.3 | |
| HIGH | CVE-2026-52798 | Gogs: Stored XSS via .ipynb Markdown re-render bypass | gogs.io/gogs | 8.9 |
| HIGH | CVE-2026-54232 | vLLM: dependency confusion RCE backdoors container images | vllm | 8.8 |
| MEDIUM | CVE-2026-48167 | Filament: stored XSS in ImageColumn/ImageEntry | 6.4 | |
| HIGH | CVE-2026-55409 | Filament: stored XSS in disabled RichEditor field | 7.6 | |
| HIGH | CVE-2026-56268 | Flowise: cross-workspace chatflow config disclosure | Flowise | 7.7 |
| CRITICAL | CVE-2026-56348 | n8n: SSRF bypasses allowlist, exfiltrates credentials | n8n | 9.1 |
| MEDIUM | CVE-2026-10645 | Zephyr RTOS: ext2 OOB read/DoS via malformed filesystem | 4.9 | |
| HIGH | CVE-2025-71337 | Flowise: account takeover via unverified email change | Flowise | 8.3 |
| UNKNOWN | CVE-2026-56275 | Flowise: SSRF bypasses security check in Execute Flow | Flowise | - |
| HIGH | CVE-2026-22181 | OpenClaw: SSRF guard bypass exposes internal services | OpenClaw | 7.6 |
| MEDIUM | CVE-2026-27522 | OpenClaw: path traversal enables arbitrary file read via media actions | OpenClaw | 6.5 |
| HIGH | CVE-2026-31989 | OpenClaw: SSRF in citation redirect exposes internal network | OpenClaw | 7.4 |
| MEDIUM | CVE-2026-31996 | OpenClaw: safeBins bypass allows file read/write | OpenClaw | 4.4 |
| MEDIUM | CVE-2026-32008 | OpenClaw: file:// bypass enables local file exfiltration | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32002 | OpenClaw: sandbox bypass exfiltrates files via vision API | OpenClaw | 5.3 |
| MEDIUM | CVE-2026-32007 | OpenClaw: path traversal enables sandbox file escape | OpenClaw | 6.8 |
| HIGH | CVE-2026-32013 | OpenClaw: symlink traversal enables host file read/write | OpenClaw | 8.8 |
| HIGH | CVE-2026-32019 | OpenClaw: SSRF bypass via incomplete IPv4 range validation | OpenClaw | 7.4 |