"Third-party keyboard extensions in iOS can be designed to run entirely standalone, without access to external services, or they can request “full access” to provide additional features through network access. Apple has discovered a bug in iOS 13 and iPadOS that can result in keyboard extensions being granted full access even if you haven't approved this access," Apple says.
Apple did not go into great detail about the flaw. The timing is interesting, though—Apple launched iOS 13 on September 19, followed by an incremental update to iOS 13.1 on September 24. While Apple only references iOS 13 in its security warning, it also affects the more recent update, as the company does not yet have a fix in place.
"The issue will be fixed soon in an upcoming software update," Apple says.
In the meantime, you can check which keyboards you have installed by going to Settings > General > Keyboard > Keyboards.