Privacy Violation
Privacy is an unusual security category in AI because the data is often inside the model rather than next to it. Three failure modes dominate. First, training-data memorization: models can be coaxed into emitting verbatim PII or copyrighted text from their corpus — a documented vector against several frontier LLMs. Second, vendor data retention: applications routinely send user content to third-party APIs (OpenAI, Anthropic, Google) where it may be retained, logged for safety review, or used to improve future models, depending on the contract; under GDPR this is a controller-processor relationship that requires DPAs and lawful basis. Third, application-layer leakage: chat histories cached without per-tenant keys, vector stores indexed without ACLs, and logs containing full prompts. Compliance frameworks now address this directly: ISO 42001 Annex A 9.x, EU AI Act Article 10 (Data Governance), and GDPR Article 25 (Data Protection by Design).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2024-6878 | Panel: file exposure enables sensitive ML data collection | Panel | - |
| CRITICAL | CVE-2024-5960 | Panel: plaintext credential storage enables domain compromise | Panel | 9.8 |
| MEDIUM | CVE-2026-53826 | OpenClaw: workspace path leaked from sandboxed sessions | OpenClaw | 4.3 |
| HIGH | CVE-2026-54293 | NLTK: path traversal leaks arbitrary local files | nltk | 7.5 |
| HIGH | CVE-2026-33760 | Langflow: IDOR exposes cross-user LLM data and deletion | langflow | 8.8 |
| UNKNOWN | CVE-2026-54311 | n8n: prototype pollution leaks cross-user workflow data | n8n | - |
| MEDIUM | CVE-2026-53844 | OpenClaw: auth bypass exposes cross-session agent memory | openclaw | 6.5 |
| UNKNOWN | CVE-2026-54305 | n8n: IDOR enables OAuth credential hijack in agent workflows | n8n | - |
| UNKNOWN | CVE-2026-54307 | n8n: credential hijack via partial authorization bypass | n8n | - |
| MEDIUM | CVE-2026-54016 | Open WebUI: BOLA exposes private knowledge base files | open-webui | 4.3 |
| MEDIUM | CVE-2026-54015 | Open WebUI: IDOR exposes private prompt history | open-webui | 6.4 |
| HIGH | CVE-2026-54010 | Open WebUI: IDOR allows cross-user file read and delete | open-webui | 8.3 |
| MEDIUM | CVE-2026-54009 | open-webui: cross-user file read via auth bypass | open-webui | 6.5 |
| HIGH | CVE-2026-54008 | open-webui: SSRF via OAuth picture redirect bypass | open-webui | 8.5 |
| MEDIUM | CVE-2026-54006 | open-webui: auth bypass allows cross-user calendar injection | open-webui | 4.3 |
| UNKNOWN | CVE-2026-53923 | vLLM: integer truncation leaks GPU memory cross-tenant | vllm | - |
| MEDIUM | CVE-2026-54022 | open-webui: Yjs auth bypass exposes all user notes | open-webui | 5.3 |
| HIGH | GHSA-4pcv-mg8v-vrgf | praisonaiagents: SSRF + prompt injection, IAM cred exposure | praisonaiagents | 8.8 |
| CRITICAL | GHSA-29w3-p9w9-wc47 | PraisonAI: multiedit path traversal, arbitrary file R/W | praisonai | 9.1 |
| HIGH | GHSA-2rcg-mm5h-xchx | praisonaiagents: @file: path traversal reads arbitrary files | praisonaiagents | 7.5 |