Privacy Violation
Privacy is an unusual security category in AI because the data is often inside the model rather than next to it. Three failure modes dominate. First, training-data memorization: models can be coaxed into emitting verbatim PII or copyrighted text from their corpus — a documented vector against several frontier LLMs. Second, vendor data retention: applications routinely send user content to third-party APIs (OpenAI, Anthropic, Google), where it may be retained, logged for safety review, or used to improve future models, depending on the contract; under GDPR this is a controller-processor relationship that requires DPAs and a lawful basis. Third, application-layer leakage: chat histories cached without per-tenant keys, vector stores indexed without ACLs, and logs containing full prompts. Compliance frameworks now address this directly: ISO 42001 Annex A 9.x, EU AI Act Article 10 (Data Governance), and GDPR Article 25 (Data Protection by Design).

| Severity | Advisory ID | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | GHSA-cqmh-pcgr-q42f | @axonflow/openclaw: credential exposure via insecure file permissions | @axonflow/openclaw | 5.5 |
| MEDIUM | CVE-2026-44559 | open-webui: private channel member list exposed to any user | open-webui | 4.3 |
| MEDIUM | CVE-2026-44557 | open-webui: auth bypass exposes all knowledge base metadata | open-webui | 4.3 |
| HIGH | CVE-2026-44553 | open-webui: stale Socket.IO role allows cross-user note R/W | open-webui | 8.1 |
| MEDIUM | CVE-2026-44550 | open-webui: mass assignment enables cross-user folder injection | open-webui | 5.0 |
| MEDIUM | CVE-2026-44560 | open-webui: RAG auth bypass exposes private files | open-webui | 6.5 |
| MEDIUM | CVE-2026-44561 | open-webui: auth bypass exposes private group channels | open-webui | 5.4 |
| HIGH | CVE-2026-44570 | open-webui: IDOR exposes cross-user AI memory data | open-webui | 8.3 |
| HIGH | GHSA-mq53-pc65-wjc4 | Flowise: mass assignment breaks workspace isolation | flowise | - |
| HIGH | GHSA-7j65-65cr-6644 | Flowise: mass assignment breaks cross-workspace isolation | flowise | - |
| HIGH | GHSA-5h9v-837x-m97r | Flowise: mass assignment enables cross-workspace data takeover | flowise | - |
| MEDIUM | CVE-2026-45666 | open-webui: IDOR exposes cross-user note data | open-webui | 6.5 |
| MEDIUM | CVE-2026-45396 | open-webui: mass assignment enables leaderboard poisoning | open-webui | 5.4 |
| MEDIUM | CVE-2026-45387 | open-webui: system prompt leakage via model read API | open-webui | 4.3 |
| MEDIUM | CVE-2026-45385 | Open WebUI: IDOR lets members tamper with admin messages | open-webui | 4.3 |
| HIGH | CVE-2026-45349 | open-webui: auth bypass exposes all user chat histories | open-webui | 7.1 |
| MEDIUM | CVE-2026-45347 | Open WebUI: blind SSRF via PDF export HTML injection | open-webui | 4.3 |
| MEDIUM | CVE-2026-45345 | open-webui: IDOR allows unauthorized model modification | open-webui | 6.5 |
| MEDIUM | CVE-2026-45317 | Open-WebUI: CSRF image URL leaks session cookies | open-webui | 4.6 |
| HIGH | CVE-2026-45301 | open-webui: BOLA exposes all users' uploaded files | open-webui | 8.1 |