{"data":{"id":"16ec30ff-dc0f-4c11-88b7-59030c5c752d","title":"CVE-2026-32097: PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticat","summary":"PingPong is a platform for using LLMs (large language models, AI systems trained on massive amounts of text) in teaching and learning. Before version 7.27.2, authenticated users (those logged in) could potentially access or delete files they shouldn't have permission to see or modify, including private user files and AI-generated outputs. An attacker would need to be logged in and have access to at least one conversation thread to exploit this vulnerability.","solution":"This vulnerability is fixed in version 7.27.2. Users should update PingPong to this version or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-32097","publishedAt":"2026-03-11T20:16:18.243Z","cveId":"CVE-2026-32097","cweIds":["CWE-639"],"cvssScore":null,"cvssSeverity":null,"severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["PingPong"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-11T20:16:18.243Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}