ATLAS Landscape
AML.T0057
LLM Data Leakage
Adversaries may craft prompts that induce the LLM to leak sensitive information. This can include private user data or proprietary information. The leaked information may come from proprietary training data, data sources the LLM is connected to, or information from other users of the LLM.
20 CVEs mapped
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-9556 | langchaingo: Jinja2 SSTI allows host filesystem read | — | 9.8 |
| CRITICAL | CVE-2026-21445 | langflow: Missing Auth allows unauthenticated access | langflow | 9.1 |
| HIGH | CVE-2026-39889 | PraisonAI: unauth A2U stream leaks all agent activity | praisonai | 7.5 |
| HIGH | CVE-2025-46722 | vLLM: image hash collision enables multimodal cache leakage | vllm | 7.3 |
| MEDIUM | GHSA-766v-q9x3-g744 | praisonaiagents: agent context leak + path traversal | praisonaiagents | 6.5 |
| MEDIUM | CVE-2026-25640 | pydantic-ai: Path Traversal enables file access | pydantic-ai-slim | 5.4 |
| MEDIUM | CVE-2026-44561 | open-webui: auth bypass exposes private group channels | open-webui | 5.4 |
| MEDIUM | CVE-2026-40087 | LangChain: template injection leaks object attributes | langchain-core | 5.3 |
| MEDIUM | GHSA-926x-3r5x-gfhw | LangChain: f-string template injection exposes object internals | langchain-core | 5.3 |
| MEDIUM | CVE-2024-10940 | langchain-core: file read via prompt template inputs | langchain-core | 5.3 |
| MEDIUM | CVE-2025-60511 | Moodle: IDOR enables unauthorized data access | — | 4.3 |
| MEDIUM | CVE-2025-68492 | chainlit: IDOR enables unauthorized data access | chainlit | 4.2 |
| LOW | CVE-2026-29071 | Open WebUI: IDOR exposes AI memories and private files | open-webui | 3.1 |
| LOW | CVE-2025-46570 | vLLM: timing side-channel leaks prompt cache data | vllm | 2.6 |
| LOW | CVE-2024-40594 | ChatGPT macOS: cleartext conversation storage exposed | — | 2.3 |
| UNKNOWN | CVE-2026-42228 | n8n: WebSocket auth bypass hijacks AI agent workflows | n8n | — |
| HIGH | CVE-2025-65106 | langchain-core: security flaw enables exploitation | langchain-core | — |
| UNKNOWN | CVE-2025-34072 | Slack MCP: zero-click exfiltration via link unfurling | — | — |
| HIGH | CVE-2026-44504 | Aegra: cross-tenant IDOR hijacks user thread data | aegra-api | — |
| UNKNOWN | CVE-2026-25083 | GROWI: Missing Auth allows unauthorized operations | — | — |
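The "template injection leaks object attributes" and "f-string template injection exposes object internals" rows above describe a general Python hazard rather than anything specific to one library: `str.format()` resolves attribute (`{x.attr}`) and index (`{x[key]}`) lookups inside placeholders, so whoever controls the template text, not just the values substituted into it, can walk from any bound object to its attributes, and via `__init__.__globals__` to module-level globals. The example below is added for this page and is not code from LangChain or any project in the table; `AgentConfig`, `SECRET_DB_URL`, `render_unsafe`, `render_safe` and `rejects` are illustrative names, and the secret values are constructed placeholders. It shows the unsafe renderer beside a hardened one that restricts placeholders to plain top-level string variables.

```python
"""Python format-string template injection: vulnerable renderer vs. hardened one.

Added example for this page; not code from any project listed above.
All names and secrets below are illustrative / constructed.
"""
import string

# Constructed: a module-level secret, reachable from ANY object's __init__.__globals__
SECRET_DB_URL = "postgres://app:hunter2@db.internal/prod"  # placeholder, not real


class AgentConfig:
    """Stand-in for an object a prompt template is rendered against."""

    def __init__(self, name: str, api_key: str):
        self.name = name
        self.api_key = api_key  # attribute the template should never reach


def render_unsafe(template: str, **context) -> str:
    """Vulnerable: str.format() follows dotted/indexed paths inside {}.
    Safe only if the template text is trusted; here it is attacker-controlled."""
    return template.format(**context)


class _NoTraversalFormatter(string.Formatter):
    """Formatter that allows only `{name}` against an explicit dict of strings:
    no attribute/index traversal, no conversion flags, no format specs."""

    def get_field(self, field_name, args, kwargs):
        if "." in field_name or "[" in field_name:
            raise ValueError(f"traversal not allowed in placeholder {field_name!r}")
        return self.get_value(field_name, args, kwargs), field_name

    def get_value(self, key, args, kwargs):
        if isinstance(key, int):
            raise ValueError("positional placeholders not allowed")
        return kwargs[key]  # unknown name -> KeyError, never silently empty

    def convert_field(self, value, conversion):
        if conversion is not None:  # {x!r}, {x!a} could expose repr internals
            raise ValueError("conversion flags not allowed")
        return value

    def format_field(self, value, format_spec):
        if format_spec:  # {x:{y}} nesting and width tricks are not needed for prompts
            raise ValueError("format specs not allowed")
        return str(value)


def render_safe(template: str, **context: str) -> str:
    """Hardened renderer: only flat string variables, only `{name}` placeholders.
    Even if the traversal check were bypassed there is no object graph to walk."""
    for key, value in context.items():
        if not isinstance(value, str):
            raise TypeError(f"context value {key!r} must be str, got {type(value).__name__}")
    return _NoTraversalFormatter().vformat(template, (), context)


def rejects(template: str, **context) -> bool:
    """True if the hardened renderer refuses the template (used for checks)."""
    try:
        render_safe(template, **context)
    except (ValueError, KeyError, TypeError):
        return True
    return False


def demo() -> dict:
    """Run both renderers over an honest and an attacker-supplied template."""
    cfg = AgentConfig(name="support-bot", api_key="sk-live-example-not-real")  # constructed
    honest = "You are {agent.name}. Answer briefly."
    # Constructed attacker templates: same object bound, different placeholder paths.
    leak_attr = "You are {agent.name}. (debug: key={agent.api_key})"
    leak_globals = "{agent.__init__.__globals__[SECRET_DB_URL]}"
    return {
        "unsafe_honest": render_unsafe(honest, agent=cfg),
        "unsafe_leak_attr": render_unsafe(leak_attr, agent=cfg),
        "unsafe_leak_globals": render_unsafe(leak_globals, agent=cfg),
        "safe_honest": render_safe("You are {name}. Answer briefly.", name=cfg.name),
        "safe_leak_attr_rejected": rejects(leak_attr, name=cfg.name),
        "safe_leak_globals_rejected": rejects(leak_globals, name=cfg.name),
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k}: {v}")
```

The hardened renderer deliberately takes only `str` values: bounding the namespace to flat strings is what removes the object graph, and the formatter check is a second layer. The same principle applies to any templating engine that evaluates expressions (Jinja2-style SSTI in the `langchaingo` row is the same class of issue with a richer expression language): treat the template text as code, and never let a user or an LLM output supply it.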