Privacy Violation
Privacy is an unusual security category in AI because the data is often inside the model rather than next to it. Three failure modes dominate. First, training-data memorization: models can be coaxed into emitting verbatim PII or copyrighted text from their corpus — a documented vector against several frontier LLMs. Second, vendor data retention: applications routinely send user content to third-party APIs (OpenAI, Anthropic, Google) where it may be retained, logged for safety review, or used to improve future models, depending on the contract; under GDPR this is a controller-processor relationship that requires DPAs and lawful basis. Third, application-layer leakage: chat histories cached without per-tenant keys, vector stores indexed without ACLs, and logs containing full prompts. Compliance frameworks now address this directly: ISO 42001 Annex A 9.x, EU AI Act Article 10 (Data Governance), and GDPR Article 25 (Data Protection by Design).
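The third failure mode, as an added example (not code from this page or from any project listed below): a toy vector store shared by two tenants, the unscoped search that lets one tenant's retrieval pull the other's documents, the tenant-filtered version, and a redactor that strips e-mail addresses and phone numbers from a prompt before it is written to logs. All tenant names, documents, vectors and PII values are constructed.

```python
"""Added example: two application-layer privacy controls for an LLM app,
tenant-scoped retrieval and PII redaction before logging. The store,
documents, vectors and tenant ids are constructed sample data."""
import math
import re
from dataclasses import dataclass


@dataclass(frozen=True)
class Doc:
    tenant: str   # owning tenant, stamped by the ingestion pipeline
    text: str
    vec: tuple    # constructed 2-d embedding


# Constructed corpus: two tenants share one index (a common RAG setup).
STORE = [
    Doc("acme", "Acme payroll: jane@acme.example earns 120k", (1.0, 0.0)),
    Doc("globex", "Globex roadmap Q3", (0.9, 0.1)),
    Doc("acme", "Acme office wifi password rotation", (0.0, 1.0)),
]


def _cos(a, b):
    return sum(x * y for x, y in zip(a, b)) / (math.hypot(*a) * math.hypot(*b))


def search_unscoped(query_vec, k=2):
    """Weak: ranks across every tenant's documents, so tenant A's RAG
    context can silently include tenant B's data."""
    ranked = sorted(STORE, key=lambda d: -_cos(d.vec, query_vec))
    return [d.text for d in ranked[:k]]


def search_scoped(tenant, query_vec, k=2):
    """Hardened: the tenant comes from the authenticated session (never
    from the user's prompt) and the filter runs before ranking."""
    mine = [d for d in STORE if d.tenant == tenant]
    ranked = sorted(mine, key=lambda d: -_cos(d.vec, query_vec))
    return [d.text for d in ranked[:k]]


_PII = [
    (re.compile(r"[\w.+-]+@[\w-]+\.[\w.]+"), "<email>"),
    (re.compile(r"\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b"), "<phone>"),
]


def redact_for_log(prompt):
    """Replace obvious PII before the full prompt reaches application logs."""
    for pat, tag in _PII:
        prompt = pat.sub(tag, prompt)
    return prompt
```

The unscoped query for tenant acme returns the Globex document as its second hit; the scoped query never does, and the log line for a prompt containing an address and a phone number carries only the placeholder tags.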
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-40086 | rembg: path traversal exposes arbitrary files via HTTP API | rembg | 5.3 |
| MEDIUM | CVE-2026-6011 | OpenClaw: SSRF via web-fetch enables internal network pivot | openclaw | 5.6 |
| HIGH | GHSA-gqqj-85qm-8qhf | paperclipai: connector trust bypass enables Gmail read/write | paperclipai | 8.7 |
| HIGH | GHSA-6f7g-v4pp-r667 | Flowise: OAuth token theft via unauthenticated endpoint | flowise | - |
| HIGH | GHSA-48m6-ch88-55mj | Flowise: Mass Assignment allows cross-tenant org takeover | flowise | 8.1 |
| MEDIUM | GHSA-9hrv-gvrv-6gf2 | Flowise: SSRF bypass enables cloud metadata access | flowise-components | - |
| HIGH | GHSA-66r7-m7xm-v49h | openclaw: path traversal exposes host files via media tags | openclaw | - |
| MEDIUM | GHSA-5gjc-grvm-m88j | openclaw: auth bypass enables persistent memory config change | openclaw | - |
| MEDIUM | CVE-2026-6598 | Langflow: cleartext auth storage exposes API keys | langflow | 4.3 |
| CRITICAL | CVE-2026-41267 | Flowise: mass assignment auth bypass in registration | flowise | 9.8 |
| HIGH | CVE-2026-41270 | Flowise: SSRF bypass exposes cloud metadata services | flowise | 8.3 |
| MEDIUM | GHSA-wg4g-395p-mqv3 | n8n-mcp: credential exposure via HTTP transport logging | n8n-mcp | 4.3 |
| UNKNOWN | CVE-2026-41686 | @anthropic-ai/sdk: insecure file perms expose agent memory | @anthropic-ai/sdk | - |
| UNKNOWN | CVE-2026-42226 | n8n: IDOR exposes cross-user API key exfiltration | n8n | - |
| MEDIUM | CVE-2026-3340 | IBM Langflow: SSRF enables internal network enumeration | langflow | 6.5 |
| HIGH | CVE-2026-4503 | Langflow Desktop: IDOR leaks user images unauthenticated | langflow | 7.5 |
| HIGH | CVE-2026-6542 | Langflow: IDOR exposes cross-tenant flow data and deletion | langflow | 8.1 |
| MEDIUM | GHSA-5h3g-6xhh-rg6p | openclaw: TOCTOU race allows out-of-sandbox file read | openclaw | - |
| LOW | CVE-2026-7847 | Langchain-Chatchat: predictable file IDs leak uploaded files | langchain-chatchat | 2.6 |
| HIGH | CVE-2026-35397 | Jupyter Server: path traversal leaks sibling directories | jupyter-server | 7.1 |