Data Extraction
Data extraction attacks target the information processed or memorised by AI/ML systems. They take three main forms. First, training-data extraction: large language models can memorise verbatim spans of their training corpus, and an attacker who crafts the right prompts can pull back PII, API keys, or copyrighted text — a result demonstrated against GPT-2 by Carlini et al. and reproduced against several production models. Second, model extraction: by repeatedly querying a hosted model and observing outputs, an attacker can reconstruct enough behaviour to clone proprietary fine-tunes. Third, system-prompt and conversation leakage: indirect prompt injection or insecure logging can leak the application's instructions and other users' conversations. Multi-tenant inference platforms (vLLM, Triton, hosted APIs) and RAG systems are particularly exposed. Defenses: output filtering, differential privacy in training, rate limits, and strict tenant isolation.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-33573 | OpenClaw: workspace boundary bypass, arbitrary exec | OpenClaw | 8.8 |
| MEDIUM | CVE-2026-33578 | OpenClaw: allowlist bypass exposes AI agents to all users | OpenClaw | 4.3 |
| HIGH | CVE-2026-33577 | OpenClaw: scope bypass lets low-priv ops elevate node access | OpenClaw | 8.1 |
| MEDIUM | CVE-2026-33581 | OpenClaw: sandbox bypass enables arbitrary file read | OpenClaw | 6.5 |
| HIGH | CVE-2026-34503 | OpenClaw: WebSocket session persists after token revocation | OpenClaw | 8.1 |
| HIGH | CVE-2026-34504 | OpenClaw: SSRF in fal provider exposes internal services | OpenClaw | 8.3 |
| MEDIUM | CVE-2026-35620 | OpenClaw: missing authz enables session policy hijack | OpenClaw | 5.4 |
| MEDIUM | CVE-2026-35619 | OpenClaw: auth bypass exposes AI gateway model metadata | OpenClaw | 4.3 |
| MEDIUM | CVE-2026-35634 | OpenClaw: auth bypass grants unauthenticated Canvas access | OpenClaw | 5.1 |
| HIGH | CVE-2026-35637 | OpenClaw: auth bypass via premature cite expansion | OpenClaw | 7.3 |
| MEDIUM | CVE-2026-35631 | OpenClaw: auth bypass on ACP mutating commands | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-35635 | OpenClaw: webhook route hijack bypasses DM access controls | OpenClaw | 4.8 |
| MEDIUM | CVE-2026-35644 | OpenClaw: credential exposure via gateway channel URLs | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-35658 | OpenClaw: sandbox bypass exposes host filesystem reads | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-35659 | OpenClaw: DNS-SD metadata hijacks CLI routing | OpenClaw | 4.6 |
| HIGH | CVE-2026-35660 | OpenClaw: auth bypass allows admin session hijacking | OpenClaw | 8.1 |
| MEDIUM | CVE-2026-35670 | OpenClaw: webhook rebinding exposes user data | OpenClaw | 5.9 |
| HIGH | CVE-2026-35669 | OpenClaw: privilege escalation via plugin scope bypass | OpenClaw | 8.8 |
| HIGH | CVE-2026-35668 | OpenClaw: sandbox path traversal exposes agent secrets | OpenClaw | 7.7 |
| MEDIUM | CVE-2026-40037 | OpenClaw: request body replay leaks credentials via redirect | OpenClaw | 6.5 |