AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-32097: PingPong is a platform for using large language models (LLMs) for teaching and learning. Prior to 7.27.2, an authenticat

highvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseMarch 11, 2026CVE-2026-32097

Summary

PingPong is a platform for using LLMs (large language models, AI systems trained on massive amounts of text) in teaching and learning. Before version 7.27.2, authenticated users (those logged in) could potentially access or delete files they shouldn't have permission to see or modify, including private user files and AI-generated outputs. An attacker would need to be logged in and have access to at least one conversation thread to exploit this vulnerability.

Solution / Mitigation

This vulnerability is fixed in version 7.27.2. Users should update PingPong to this version or later.

Vulnerability Details

EPSS (30-day exploit probability)

EPSS: 0.0%

Disclosure Date

March 11, 2026

Classification

Attack Type

Data Extraction

Attack SophisticationModerate

Impact (CIA+S)

confidentialityintegrity

Taxonomy References

CWE (Weakness Type)

CWE-639

Affected Vendors

Related Issues

critical

CVE-2025-45150: Insecure permissions in LangChain-ChatGLM-Webui commit ef829 allows attackers to arbitrarily view and download sensitive

Similar attackNVD/CVE Database

high

CVE-2025-54868: LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint

First tracked: March 11, 2026 at 08:07 PM

Classified by LLM (prompt v3) · confidence: 92%