AI Threat Alert
ATLAS Landscape
AML.T0059
Erode Dataset Integrity
Adversaries may poison or manipulate portions of a dataset to reduce its usefulness, reduce trust, and cause users to waste resources correcting errors.
8 CVEs mapped
View on MITRE ATLAS →
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2025-15381 | MLflow: broken access control exposes experiment traces | mlflow | 8.1 |
| HIGH | CVE-2026-44554 | open-webui: RAG poisoning via unauthorized KB overwrite | open-webui | 8.1 |
| HIGH | CVE-2025-7707 | llama-index: world-writable NLTK dir allows local tampering | llama-index | 7.1 |
| MEDIUM | CVE-2024-7035 | Open WebUI: CSRF wipes RAG DB and AI memories via GET | open-webui | 6.9 |
| MEDIUM | CVE-2025-6211 | llama-index: DocugamiReader MD5 hash collision drops chunks | llama-index-readers-docugami | 6.5 |
| MEDIUM | CVE-2026-29070 | open-webui: missing authz allows cross-KB file deletion | open-webui | 5.4 |
| MEDIUM | CVE-2025-3044 | llama-index ArxivReader: MD5 collision corrupts training data | llama-index-readers-papers | 5.3 |
| MEDIUM | CVE-2025-13354 | taxopress: Missing Auth allows unauthorized operations | 4.3 |