AI Threat Alert
RAG
Retrieval-Augmented Generation pairs an LLM with an external knowledge store — typically a vector database holding embeddings of documents — so the model can ground its responses in up-to-date or proprietary information. The retrieval layer creates two distinct attack surfaces. First, the index itself can be poisoned: an attacker who can write into the source documents plants malicious content that the retriever will later surface to the LLM, enabling indirect prompt injection at retrieval time. Second, the embedding pipeline and the vector store (Pinecone, Weaviate, Chroma, pgvector, Qdrant) have their own vulnerabilities — authentication bypass, query injection, and unauthorized cross-tenant retrieval. RAG is also a common vector for training-data exfiltration when retrieved context is later used to fine-tune downstream models. Defenses: provenance tagging on retrieved content, source-aware system prompts, ACL-enforced retrieval, and tenant isolation in the vector store.
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| UNKNOWN | CVE-2026-2492 | TensorFlow: security flaw enables exploitation | - | |
| HIGH | CVE-2026-4538 | AI component: Input Validation flaw enables exploitation | 7.8 | |
| HIGH | CVE-2026-27795 | LangChain: SSRF allows internal network access | 7.4 | |
| CRITICAL | CVE-2026-27966 | langflow: Code Injection enables RCE | langflow | 9.8 |
| MEDIUM | CVE-2026-2589 | Greenshift: Info Disclosure leaks sensitive data | 5.3 | |
| UNKNOWN | CVE-2026-25083 | GROWI: Missing Auth allows unauthorized operations | - | |
| CRITICAL | CVE-2026-28500 | onnx: Integrity Verification bypass enables tampering | onnx | 9.1 |
| HIGH | CVE-2026-2033 | mlflow: Path Traversal enables file access | mlflow | 8.1 |
| CRITICAL | CVE-2026-2635 | mlflow: security flaw enables exploitation | mlflow | 9.8 |
| CRITICAL | CVE-2026-25960 | vllm: SSRF allows internal network access | vllm | 9.8 |
| MEDIUM | CVE-2026-28415 | gradio: Info Disclosure leaks sensitive data | gradio | 4.7 |
| CRITICAL | CVE-2026-30821 | flowise: Arbitrary File Upload enables RCE | flowise | 9.8 |
| CRITICAL | CVE-2026-27493 | n8n: Code Injection enables RCE | n8n | 9.0 |
| CRITICAL | CVE-2026-27494 | n8n: security flaw enables exploitation | n8n | 9.9 |
| CRITICAL | CVE-2026-27495 | n8n: Code Injection enables RCE | n8n | 9.9 |
| HIGH | CVE-2026-27497 | n8n: SQL Injection exposes database | n8n | 8.8 |
| HIGH | CVE-2026-27498 | n8n: Code Injection enables RCE | n8n | 8.8 |
| CRITICAL | CVE-2026-27577 | n8n: Code Injection enables RCE | n8n | 9.9 |
| MEDIUM | CVE-2026-27578 | n8n: XSS enables session hijacking | n8n | 5.4 |
| MEDIUM | CVE-2025-12343 | ffmpeg: security flaw enables exploitation | 5.5 |
Page 1 of 5