Data Leakage
Data leakage in AI systems happens at three layers. At training time, models can memorise rare strings from their corpus — phone numbers, passwords, API keys committed to public code — and an attacker who knows the right context can prompt the model to regurgitate them. At inference time, applications often pass sensitive context to third-party APIs (OpenAI, Anthropic, Bedrock) without redaction; this content is then potentially logged, retained, or used to improve future models depending on the vendor's terms. At the application layer, multi-tenant deployments routinely leak across users when caching, logging, or vector-store indexing is misconfigured. Indirect prompt injection compounds all three by giving an attacker a way to ask the model to repeat what it should not. Defenses: PII redaction in prompts and outputs, differential privacy in training, vendor data-use review, and strict tenant boundaries in shared infrastructure.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-8828 | ChromaDB: tenant isolation bypass exposes all tenant data | chromadb | - |
| MEDIUM | CVE-2026-53825 | OpenClaw: path traversal exposes local files via wiki ingest | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-53826 | OpenClaw: workspace path leaked from sandboxed sessions | OpenClaw | 4.3 |
| HIGH | CVE-2026-53833 | OpenClaw: auth bypass allows agent config mutation | openclaw | 7.7 |
| MEDIUM | CVE-2026-53830 | OpenClaw: stale webhook secrets bypass revocation | OpenClaw | 6.5 |
| MEDIUM | GHSA-534h-c3cw-v3h9 | Nuxt: local unauth IPC leaks .env secrets on shared hosts | nuxt | 5.5 |
| MEDIUM | CVE-2026-48520 | Langflow: unauth file read via Shareable Playground | langflow | 6.1 |
| MEDIUM | CVE-2026-42867 | Langflow: path traversal enables arbitrary file write | langflow | 6.5 |
| MEDIUM | CVE-2026-54306 | n8n: webhook prototype pollution enables confused deputy | n8n | - |
| UNKNOWN | CVE-2026-54313 | n8n: MongoDB query injection overwrites arbitrary documents | n8n | - |
| UNKNOWN | CVE-2026-54310 | n8n: SQL injection in Postgres nodes, CVSS 9.9 | n8n | - |
| HIGH | CVE-2026-53840 | OpenClaw: credential exfiltration via MCP header forwarding | openclaw | 7.1 |
| MEDIUM | CVE-2026-53841 | OpenClaw: XSS via unsafe links in exported session HTML | openclaw | 6.1 |
| MEDIUM | CVE-2026-53856 | OpenClaw: insecure permissions expose agent config | openclaw | 5.5 |
| HIGH | CVE-2026-53857 | OpenClaw: display name spoofing bypasses agent allowFrom policy | openclaw | 8.1 |
| UNKNOWN | CVE-2026-54304 | n8n: credential exfiltration via SecurityScorecard SSRF node | n8n | - |
| MEDIUM | GHSA-jwm3-qcfw-c5pp | n8n: AST bypass leaks env vars in Python Task Runner | n8n | 5.0 |
| HIGH | CVE-2026-54012 | Open WebUI: auth bypass enables cross-user file read/delete | open-webui | 7.1 |
| MEDIUM | CVE-2026-54236 | vLLM: heap address leak enables ASLR bypass | vllm | 5.3 |
| CRITICAL | CVE-2026-35306 | Oracle Coherence: unauthenticated data access via HTTP | coherence | 9.3 |