AI Threat Alert
ATLAS Landscape
AML.T0064
Gather RAG-Indexed Targets
Adversaries may identify data sources used in retrieval augmented generation (RAG) systems for targeting purposes. By pinpointing these sources, attackers can focus on poisoning or otherwise manipulating the external data repositories the AI relies on. RAG-indexed data may be identified in public documentation about the system, or by interacting with the system directly and observing any indications of or references to external data sources.
7 CVEs mapped
View on MITRE ATLAS →
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| HIGH | CVE-2026-44554 | open-webui: RAG poisoning via unauthorized KB overwrite | open-webui | 8.1 |
| HIGH | CVE-2026-28788 | Open WebUI: BOLA enables RAG poisoning via file overwrite | open-webui | 7.1 |
| MEDIUM | CVE-2026-44560 | open-webui: RAG auth bypass exposes private files | open-webui | 6.5 |
| MEDIUM | CVE-2026-44557 | open-webui: auth bypass exposes all knowledge base metadata | open-webui | 4.3 |
| MEDIUM | CVE-2026-26019 | langchain_community: SSRF allows internal network access | langchain_community | 4.1 |
| LOW | CVE-2024-6971 | lollms: path traversal in RAG database functions | lollms | 3.4 |
| UNKNOWN | CVE-2025-21604 | AIDeepin: MD5 collision enables RAG knowledge base poisoning | — |