AI Threat Alert

Attack Type

Privacy Violation

Privacy violations in AI systems involve unauthorized collection, processing, or exposure of personal data through model memorization, training data leaks, or inadequate access controls.

57

Total CVEs

3

Pages

Page 3 of 3

Current

Severity	CVE	Headline	Package	CVSS
HIGH	CVE-2026-33484	langflow: Access Control bypass enables privilege escalation	langflow	7.5
HIGH	CVE-2026-22219	chainlit: SSRF allows internal network access	chainlit	7.7
UNKNOWN	CVE-2026-33401	Wallos: SSRF allows internal network access		-
CRITICAL	CVE-2025-32428	jupyter-remote-desktop-proxy: VNC network exposure	jupyter-remote-desktop-proxy	-
MEDIUM	CVE-2024-7046	Open WebUI: missing authz leaks admin credentials	open-webui	4.3
HIGH	CVE-2025-25295	Label Studio SDK: path traversal leaks server filesystem	label-studio-sdk	-
MEDIUM	CVE-2024-7041	open-webui: IDOR enables cross-user memory tampering	open-webui	6.5
LOW	CVE-2026-29071	Open WebUI: IDOR exposes AI memories and private files	open-webui	3.1
UNKNOWN	CVE-2026-2286	CrewAI: SSRF via unvalidated RAG tool URLs exposes internal services		-
HIGH	CVE-2026-29872	awesome-llm-apps MCP Agent: cross-session credential theft		8.2
HIGH	CVE-2026-35394	mobile-mcp: intent injection enables device control via AI agent		8.3
MEDIUM	CVE-2026-5530	Ollama: SSRF in Model Pull API enables network pivot		6.3
MEDIUM	GHSA-2f7j-rp58-mr42	OpenClaw: info disclosure exposes host filesystem paths	openclaw	-
HIGH	GHSA-69x8-hrgq-fjj8	LiteLLM: auth bypass chain enables full privilege escalation	litellm	-
HIGH	GHSA-4ggg-h7ph-26qr	n8n-mcp: authenticated SSRF leaks cloud metadata	n8n-mcp	8.5
LOW	GHSA-5fc7-f62m-8983	OpenClaw: local file read bypasses workspace policy	openclaw	-
MEDIUM	GHSA-qqq7-4hxc-x63c	openclaw: local file exfiltration via trusted MEDIA refs	openclaw	-

Page 3 of 3

Related Attack Types

Prompt Injection Data Extraction Jailbreak Supply Chain Model Poisoning Adversarial Examples