CVE-2024-5185: The EmbedAI application is susceptible to security issues that enable Data Poisoning attacks. This weakness could result
highvulnerabilityLLM-Specific
security
Summary
EmbedAI has a security flaw that allows data poisoning attacks (injecting false or harmful information into an AI system) through a CSRF vulnerability (cross-site request forgery, where an attacker tricks a user into performing unwanted actions on a website they're logged into). An attacker can direct users to a malicious webpage that exploits weak session management and CORS policies (which control what external websites can access the application), tricking them into uploading bad data that corrupts the application's language model.
Vulnerability Details
CVSS Score
7.3(high)
EPSS (30-day exploit probability)
EPSS: 0.1%
Classification
Attack Type
Model Poisoning
Attack SophisticationModerate
Impact (CIA+S)
integrity
AI Component TargetedTraining Data
Taxonomy References
CWE (Weakness Type)
Affected Vendors
Related Issues
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-5185
First tracked: February 15, 2026 at 08:52 PM
Classified by LLM (prompt v3) · confidence: 85%