AI Threat Alert
ATLAS Landscape
AML.T0085.000
RAG Databases
Adversaries may prompt the AI service to retrieve data from a RAG database. This can include the majority of an organization's internal documents.
11 CVEs mapped
View on MITRE ATLAS →
| Severity | CVE | Headline | Package | CVSS |
|---|---|---|---|---|
| CRITICAL | CVE-2025-1793 | llama_index: SQL injection in vector store integrations | llama-index | 9.8 |
| CRITICAL | CVE-2024-11958 | llama-index DuckDB retriever: SQLi enables RCE | llama-index-retrievers-duckdb-retriever | 9.8 |
| HIGH | CVE-2026-32763 | 8.2 | ||
| HIGH | CVE-2025-3046 | LlamaIndex Obsidian: symlink traversal exposes host files | llama-index-readers-obsidian | 7.5 |
| MEDIUM | CVE-2026-44560 | open-webui: RAG auth bypass exposes private files | open-webui | 6.5 |
| MEDIUM | CVE-2026-7844 | Langchain-Chatchat: auth bypass on file service endpoints | 6.3 | |
| MEDIUM | CVE-2026-29070 | open-webui: missing authz allows cross-KB file deletion | open-webui | 5.4 |
| MEDIUM | CVE-2026-44557 | open-webui: auth bypass exposes all knowledge base metadata | open-webui | 4.3 |
| LOW | CVE-2024-6971 | lollms: path traversal in RAG database functions | lollms | 3.4 |
| LOW | CVE-2026-25211 | llama-stack: security flaw enables exploitation | 3.2 | |
| LOW | CVE-2026-29071 | Open WebUI: IDOR exposes AI memories and private files | open-webui | 3.1 |