Privacy Violation
Privacy is an unusual security category in AI because the data is often inside the model rather than next to it. Three failure modes dominate. First, training-data memorization: models can be coaxed into emitting verbatim PII or copyrighted text from their corpus — a documented vector against several frontier LLMs. Second, vendor data retention: applications routinely send user content to third-party APIs (OpenAI, Anthropic, Google) where it may be retained, logged for safety review, or used to improve future models, depending on the contract; under GDPR this is a controller-processor relationship that requires DPAs and lawful basis. Third, application-layer leakage: chat histories cached without per-tenant keys, vector stores indexed without ACLs, and logs containing full prompts. Compliance frameworks now address this directly: ISO 42001 Annex A 9.x, EU AI Act Article 10 (Data Governance), and GDPR Article 25 (Data Protection by Design).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| MEDIUM | CVE-2026-45582 | n8n-mcp: telemetry leak exposes workflow URL secrets | n8n-mcp | 6.5 |
| HIGH | GHSA-hv85-774v-26fg | auth-fetch-mcp: SSRF + disk-exfil via unvalidated tool URLs | auth-fetch-mcp | 8.2 |
| CRITICAL | GHSA-3875-8gcx-7v46 | n8n: SSRF bypasses credential domain restrictions | n8n | 9.1 |
| MEDIUM | CVE-2026-2734 | MLflow: missing authz exposes all model versions | mlflow | 6.5 |
| MEDIUM | CVE-2026-48545 | Gradio: cookie injection hijacks cross-Space sessions | gradio | 6.8 |
| MEDIUM | CVE-2026-45334 | Kirby CMS: auth bypass leaks admin emails via content lock | getkirby/cms | - |
| HIGH | CVE-2026-47414 | praisonai-platform: IDOR cross-workspace label tampering | praisonai-platform | 7.6 |
| MEDIUM | CVE-2026-47408 | praisonai-platform: IDOR exposes cross-tenant activity logs | praisonai-platform | 6.5 |
| HIGH | CVE-2026-48169 | praisonai-platform: IDOR allows full workspace takeover | praisonai-platform | 8.8 |
| HIGH | CVE-2026-47415 | praisonai-platform: IDOR exposes cross-workspace tenant data | praisonai-platform | 8.3 |
| MEDIUM | CVE-2026-28511 | eLabFTW: IDOR exposes restricted resource titles | 4.3 | |
| HIGH | GHSA-f9rx-7wf7-jr36 | Froxlor: 2FA bypass via API grants full account access | froxlor/froxlor | 8.1 |
| LOW | CVE-2026-10783 | Gradio: weak hash exposes audio cache to local users | gradio | 2.5 |
| HIGH | CVE-2026-10814 | Milvus: weak hash allows RBAC grantee impersonation | milvus | 7.0 |
| MEDIUM | CVE-2026-8462 | OpenMeter: SQL injection leaks all-tenant metering data | github.com/openmeterio/openmeter | - |
| MEDIUM | CVE-2026-11326 | OpenAI Atlas: XSS enables browser history exfiltration | - | |
| HIGH | GHSA-wx3m-whqv-xv47 | skillctl: path traversal enables credential exfiltration | skillctl | - |
| HIGH | CVE-2026-46309 | Linux Xe iGPU: cache-bypass leaks cross-process stale data | 7.0 | |
| HIGH | CVE-2026-53812 | OpenClaw: SSRF bypasses private-network access controls | openclaw | 7.7 |
| MEDIUM | CVE-2019-6576 | SIMATIC WinCC: TLS key disclosure enables traffic decryption | SIMATIC HMI Classic Devices (TP/MP/OP/MP Mobile Panel) | 6.5 |