OWASP LLM Top 10: LLM08:2025
AL, Founder at SQUR · last verified 2026-06-20
Regulation text
This entry covers vulnerabilities in the vector databases and embedding stores used by RAG applications. It includes unauthorized access to embedding stores, cross-tenant data leakage in shared embedding spaces, inversion attacks that reconstruct training data from embeddings, poisoned embeddings injected via document upload paths, and weak access control on retrieved-context filtering.
ATT&CK techniques this article tests · 0
| Technique | Why it maps | Confidence |
|---|---|---|
Defending mitigations · 0
| Mitigation | What it does | Confidence |
|---|---|---|
Underlying weaknesses · 7
| CWE | Why it persists | Confidence |
|---|---|---|
| CWE-287 | Improper authentication lets an attacker bypass security controls, giving direct unauthorized access to vector databases and embedding stores. | 95% |
| CWE-284 | Improper access control enables unauthorized access to embedding stores, which facilitates cross-tenant data leakage and manipulation of retrieved-context filtering. | 95% |
| CWE-200 | Exposure of sensitive information to an unauthorized actor results in data leakage, including cross-tenant exposure, and enables inversion attacks on embeddings. | 90% |
| CWE-502 | Deserialization of untrusted data can lead to arbitrary code execution and can be exploited during embedding injection via document upload paths. | 70% |
| CWE-798 | Hard-coded credentials give an attacker persistent access, bypassing authentication to the vector database and enabling unauthorized operations. | 80% |
| CWE-434 | Unrestricted upload of files with dangerous types allows an attacker to inject malicious content, leading directly to poisoned embeddings via document upload paths. | 85% |
| CWE-306 | Missing authentication for critical functions allows unauthorized operations, including modifying embedding stores or bypassing retrieved-context filtering without proper checks. | 90% |
What SQUR Covers
Web application + API pentesting for OWASP Top 10, business logic flaws, authentication bypass, injection attacks, and other application-layer vulnerabilities. €1,995 per scan, 24-hour turnaround, EU-only data.
What SQUR Does Not Cover
Internal network pentesting, endpoint security testing, physical security assessments, social engineering, or ICT third-party concentration risk reviews. Engage a complementary provider for those scope items.
Provenance
Mapped Q2.2026 using gemini-2.5-flash · €0.0177 compute · voice-rubric self-validated