Privacy Violation
Privacy is an unusual security category in AI because the data is often inside the model rather than next to it. Three failure modes dominate. First, training-data memorization: models can be coaxed into emitting verbatim PII or copyrighted text from their corpus — a documented vector against several frontier LLMs. Second, vendor data retention: applications routinely send user content to third-party APIs (OpenAI, Anthropic, Google) where it may be retained, logged for safety review, or used to improve future models, depending on the contract; under GDPR this is a controller-processor relationship that requires DPAs and lawful basis. Third, application-layer leakage: chat histories cached without per-tenant keys, vector stores indexed without ACLs, and logs containing full prompts. Compliance frameworks now address this directly: ISO 42001 Annex A 9.x, EU AI Act Article 10 (Data Governance), and GDPR Article 25 (Data Protection by Design).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | GHSA-22cj-m4wf-fv2c | PraisonAI: path traversal in agent tools exposes credentials | praisonai | 7.5 |
| MEDIUM | CVE-2026-54683 | nl-portal documenten-api: IDOR exposes citizen documents | nl.nl-portal:documenten-api | 6.5 |
| MEDIUM | CVE-2026-56077 | PraisonAI: agent ID collision leaks system prompts | PraisonAI | 6.5 |
| MEDIUM | CVE-2026-55414 | nl-portal: GraphQL SSRF exposes Objecten-API auth token | nl.nl-portal:form | 5.3 |
| HIGH | CVE-2026-49357 | line-desktop-mcp: unauthenticated HTTP exposes LINE chats | line-desktop-mcp | - |
| MEDIUM | CVE-2026-56267 | Flowise: PII exposure via unauthenticated password reset | Flowise | - |
| HIGH | CVE-2026-48505 | Filament: MFA race condition enables recovery code reuse | 7.4 | |
| MEDIUM | CVE-2026-48166 | Filament: timing side-channel exposes registered emails | 5.3 | |
| MEDIUM | CVE-2026-32008 | OpenClaw: file:// bypass enables local file exfiltration | OpenClaw | 6.5 |
| MEDIUM | CVE-2026-32002 | OpenClaw: sandbox bypass exfiltrates files via vision API | OpenClaw | 5.3 |
| MEDIUM | CVE-2026-32024 | OpenClaw: symlink traversal leaks arbitrary local files | OpenClaw | 5.5 |
| HIGH | CVE-2026-32918 | OpenClaw: session sandbox escape exposes cross-agent state | OpenClaw | 8.4 |
| HIGH | CVE-2026-33572 | OpenClaw: insecure transcript files expose agent secrets | OpenClaw | 8.4 |
| MEDIUM | CVE-2026-33581 | OpenClaw: sandbox bypass enables arbitrary file read | OpenClaw | 6.5 |
| HIGH | CVE-2026-34504 | OpenClaw: SSRF in fal provider exposes internal services | OpenClaw | 8.3 |
| MEDIUM | CVE-2026-35670 | OpenClaw: webhook rebinding exposes user data | OpenClaw | 5.9 |
| MEDIUM | CVE-2026-46406 | Claude Code: predictable temp file leaks data, symlink write | claude-code | - |
| CRITICAL | CVE-2025-71327 | Flowise: auth bypass grants full API access | Flowise | 9.1 |
| HIGH | CVE-2026-5757 | Ollama: unauthenticated heap memory disclosure | Ollama | 7.5 |
| MEDIUM | GHSA-j7f5-gfqm-pcx3 | Pterodactyl panel: email endpoint leaks user enumeration | pterodactyl/panel | - |