AML.T0036

Data from Information Repositories

Adversaries may leverage information repositories to mine valuable information. Information repositories are tools that allow for storage of information, typically to facilitate collaboration or information sharing between users, and can store a wide variety of data that may aid adversaries in further objectives, or direct access to the target information. Information stored in a repository may vary based on the specific instance or environment. Specific common information repositories include SharePoint, Confluence, and enterprise databases such as SQL Server.

15 CVEs mapped View on MITRE ATLAS →

Severity	CVE	Headline	Package	CVSS
CRITICAL	CVE-2026-21445	langflow: Missing Auth allows unauthenticated access	langflow	9.1
HIGH	CVE-2026-26286	sillytavern: SSRF allows internal network access		8.5
HIGH	CVE-2025-14279	mlflow: security flaw enables exploitation	mlflow	8.1
HIGH	CVE-2026-44553	open-webui: stale Socket.IO role allows cross-user note R/W	open-webui	8.1
HIGH	CVE-2025-59527	Flowise: unauthenticated SSRF exposes internal network	flowise	7.5
MEDIUM	CVE-2026-6542	Langflow: IDOR exposes cross-tenant flow data and deletion	langflow	6.5
MEDIUM	CVE-2025-68477	langflow: SSRF allows internal network access	langflow	6.5
MEDIUM	CVE-2026-44561	open-webui: auth bypass exposes private group channels	open-webui	5.4
MEDIUM	CVE-2026-41495	n8n-mcp: bearer tokens exposed in HTTP transport logs	n8n-mcp	5.3
MEDIUM	CVE-2018-21030	Jupyter Notebook: XSS via missing CSP on served files	notebook	5.3
MEDIUM	CVE-2026-44557	open-webui: auth bypass exposes all knowledge base metadata	open-webui	4.3
MEDIUM	CVE-2025-68492	chainlit: IDOR enables unauthorized data access	chainlit	4.2
HIGH	CVE-2025-23205	nbgrader: Clickjacking exposes formgrader via IFrame		—
LOW	CVE-2025-65858			—
HIGH	CVE-2026-23982			—