Data Extraction
Data extraction attacks target the information processed or memorised by AI/ML systems. They take three main forms. First, training-data extraction: large language models can memorise verbatim spans of their training corpus, and an attacker who crafts the right prompts can pull back PII, API keys, or copyrighted text — a result demonstrated against GPT-2 by Carlini et al. and reproduced against several production models. Second, model extraction: by repeatedly querying a hosted model and observing outputs, an attacker can reconstruct enough behaviour to clone proprietary fine-tunes. Third, system-prompt and conversation leakage: indirect prompt injection or insecure logging can leak the application's instructions and other users' conversations. Multi-tenant inference platforms (vLLM, Triton, hosted APIs) and RAG systems are particularly exposed. Defenses: output filtering, differential privacy in training, rate limits, and strict tenant isolation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-32024 | OpenClaw: symlink traversal leaks arbitrary local files | OpenClaw | 5.5 |
| LOW | CVE-2026-32020 | OpenClaw: symlink traversal enables arbitrary file read | OpenClaw | 3.3 |
| MEDIUM | CVE-2026-32022 | OpenClaw: grep safeBins bypass enables arbitrary file read | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32033 | OpenClaw: path traversal leaks files outside workspace | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32027 | OpenClaw: authorization bypass in group sender allowlist | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32026 | OpenClaw: sandbox path traversal leaks host temp files | OpenClaw | 6.5 |
| HIGH | CVE-2026-32030 | OpenClaw: path traversal exposes host files via SCP | OpenClaw | 7.5 |
| MEDIUM | CVE-2026-32037 | OpenClaw: SSRF bypass via MSTeams redirect chain | OpenClaw | 6.0 |
| MEDIUM | CVE-2026-32040 | OpenClaw: XSS via HTML export mimeType injection | OpenClaw | 4.6 |
| MEDIUM | CVE-2026-32036 | OpenClaw: auth bypass via encoded path traversal in gateway | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32045 | OpenClaw: auth bypass exposes HTTP gateway routes | OpenClaw | 5.9 |
| HIGH | CVE-2026-32042 | OpenClaw: privilege escalation via unpaired device identity | OpenClaw | 8.8 |
| HIGH | CVE-2026-32064 | OpenClaw: unauthenticated VNC access in AI sandbox | OpenClaw | 7.7 |
| HIGH | CVE-2026-32914 | OpenClaw: access control bypass in config/debug handlers | OpenClaw | 8.8 |
| CRITICAL | CVE-2026-32913 | OpenClaw: auth header leak via cross-origin redirect | OpenClaw | 9.3 |
| MEDIUM | CVE-2026-32898 | OpenClaw: ACP bypass enables silent tool execution | OpenClaw | 5.4 |
| HIGH | CVE-2026-32918 | OpenClaw: session sandbox escape exposes cross-agent state | OpenClaw | 8.4 |
| LOW | CVE-2026-32970 | OpenClaw: credential fallback bypasses local auth boundary | OpenClaw | 2.5 |
| CRITICAL | CVE-2026-32975 | OpenClaw: auth bypass via group name spoofing in agent | OpenClaw | 9.8 |
| HIGH | CVE-2026-33572 | OpenClaw: insecure transcript files expose agent secrets | OpenClaw | 8.4 |