Privacy Violation
Privacy is an unusual security category in AI because the data is often inside the model rather than next to it. Three failure modes dominate. First, training-data memorization: models can be coaxed into emitting verbatim PII or copyrighted text from their corpus — a documented vector against several frontier LLMs. Second, vendor data retention: applications routinely send user content to third-party APIs (OpenAI, Anthropic, Google) where it may be retained, logged for safety review, or used to improve future models, depending on the contract; under GDPR this is a controller-processor relationship that requires DPAs and lawful basis. Third, application-layer leakage: chat histories cached without per-tenant keys, vector stores indexed without ACLs, and logs containing full prompts. Compliance frameworks now address this directly: ISO 42001 Annex A 9.x, EU AI Act Article 10 (Data Governance), and GDPR Article 25 (Data Protection by Design).
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-12243 | NLTK: path traversal enables arbitrary file read | - | |
| CRITICAL | CVE-2026-7873 | Langflow: authenticated RCE enables credential theft | langflow | 9.9 |
| CRITICAL | CVE-2026-7874 | Langflow: weak reversible KDF exposes all stored credentials | langflow | 9.1 |
| UNKNOWN | CVE-2026-12480 | Keras: incomplete fix reopens HDF5 arbitrary file read | keras | - |
| MEDIUM | CVE-2026-49088 | Kibana: sensitive headers leaked via APM logs | 4.4 | |
| HIGH | CVE-2026-49119 | Gradio: path traversal in FileExplorer leaks files | gradio | 7.5 |
| MEDIUM | GHSA-6c4r-g249-wv3c | OpenClaw: sandbox leaks host workspace path to child | openclaw | - |
| MEDIUM | GHSA-gp79-m99v-gjmh | OpenClaw: fail-open bypasses Mattermost DM channel policy | openclaw | - |
| HIGH | GHSA-jvm4-4j77-39p6 | OpenClaw: QQBot command bypasses config allowlist | openclaw | - |
| MEDIUM | GHSA-p2fh-f5fc-44hr | OpenClaw: memory-wiki ingest reads arbitrary local files | openclaw | 6.5 |
| MEDIUM | CVE-2026-9557 | Mautic Focus: SSRF enables internal network recon | mautic/core | 6.4 |
| HIGH | CVE-2026-45499 | Azure OpenAI: SSRF flaw enables privilege escalation | 8.8 | |
| LOW | CVE-2026-14738 | exo: weak hash algorithm in vision feature cache key | 3.7 | |
| CRITICAL | GHSA-vjc7-jrh9-9j86 | 9Router: no-auth API leaks keys, chats, provider control | 9router | 10.0 |
| MEDIUM | CVE-2026-55430 | Coder: X-Forwarded-Host spoof leaks victim app data | github.com/coder/coder/v2 | 5.8 |
| HIGH | CVE-2026-55428 | Coder: agent IP spoofing hijacks workspace traffic | github.com/coder/coder/v2 | 8.2 |
| HIGH | CVE-2026-55429 | Coder: cross-workspace agent hijack via app ID reuse | github.com/coder/coder/v2 | 8.7 |
| HIGH | CVE-2026-55075 | Coder: OIDC auth bypass enables account takeover | github.com/coder/coder/v2 | 7.4 |
| MEDIUM | CVE-2026-34225 | open-webui: blind SSRF via image-edit URL fetch | open-webui | 4.3 |
| HIGH | CVE-2026-48957 | Joomla: fallo de control de acceso en com_privacy | 8.8 |
Page 9 of 9