Data Leakage
Data leakage in AI systems happens at three layers. At training time, models can memorise rare strings from their corpus — phone numbers, passwords, API keys committed to public code — and an attacker who knows the right context can prompt the model to regurgitate them. At inference time, applications often pass sensitive context to third-party APIs (OpenAI, Anthropic, Bedrock) without redaction; this content is then potentially logged, retained, or used to improve future models depending on the vendor's terms. At the application layer, multi-tenant deployments routinely leak across users when caching, logging, or vector-store indexing is misconfigured. Indirect prompt injection compounds all three by giving an attacker a way to ask the model to repeat what it should not. Defenses: PII redaction in prompts and outputs, differential privacy in training, vendor data-use review, and strict tenant boundaries in shared infrastructure.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2026-55615 | Langroid: unvalidated LLM Cypher enables graph RCE | langroid | - |
| CRITICAL | GHSA-vjc7-jrh9-9j86 | 9Router: no-auth API leaks keys, chats, provider control | 9router | 10.0 |
| MEDIUM | CVE-2026-55438 | Coder: CORS bypass via workspace subdomain proxy | github.com/coder/coder/v2 | 5.8 |
| MEDIUM | CVE-2026-55437 | Coder: stored XSS in agent logs risks admin session | github.com/coder/coder/v2 | 5.4 |
| HIGH | CVE-2026-55436 | Coder AI Bridge Proxy: TLS bypass leaks BYOK keys | github.com/coder/coder/v2 | 7.4 |
| HIGH | CVE-2026-55431 | Coder: session token leak via workspace app URL | github.com/coder/coder/v2 | 7.7 |
| HIGH | CVE-2026-26193 | Open WebUI: stored XSS via chat 'embeds' iframe escape | open-webui | 7.3 |
| HIGH | CVE-2026-26192 | Open WebUI: stored XSS via citation iFrame → admin RCE | open-webui | 7.3 |
| HIGH | CVE-2025-46719 | Open WebUI: chat XSS steals tokens, admin RCE | open-webui | - |
| MEDIUM | CVE-2025-46571 | Open WebUI: Stored XSS via HTML upload enables admin RCE | open-webui | - |
| HIGH | CVE-2026-53518 | better-auth: race condition mints duplicate OAuth tokens | 8.1 | |
| CRITICAL | CVE-2026-59706 | mem0: unauth config API leaks API keys + SSRF | 9.3 | |
| MEDIUM | CVE-2026-15044 | TrustyAI: missing auth exposes guardrails orchestrator | nemoguardrails | 6.3 |
| MEDIUM | CVE-2026-56359 | n8n: XSS via malicious OAuth2 Authorization URL | n8n | 5.4 |
| HIGH | CVE-2026-59257 | n8n: SQL injection via MySQL v1 node expressions | n8n | 8.8 |
| HIGH | CVE-2026-59261 | OpenClaw: dotenv override leaks provider credentials | openclaw | 7.1 |
| UNKNOWN | CVE-2026-59821 | LiteLLM: code exec via unsandboxed Custom Guardrails | litellm | - |
Page 16 of 16