CVE-2026-32715
Published 2026-03-16
Priority: P4 · 18 · Low · CVSS 3.1 base score 3.8
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
EPSS: 0.20% (9.8th percentile)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mintplex-labs | anything-llm | <= 1.11.1 | — |
| mintplexlabs | anythingllm | <= 1.11.1 | — |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Wiz: CVE-2026-5627 Impact, Exploitability, and Mitigation Steps (blogs_wiz · CVSS 7.7)
CVE-2026-5627 [HIGH]
## CVE-2026-5627: AnythingLLM vulnerability analysis and mitigation
Identifiers referenced in the Wiz write-up: AgentFlows, loadFlow, deleteFlow, server/utils/agentFlows/index.js, path.join, normalizePath, .json, package.json
Source: NVD
## Score 9.1
Published: April 7, 2026
Severity: CRITICAL
CNA Score: 9.1
Affected Technologies: AnythingLLM
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date: N/A
CISA KEV Due Date: N/A
Exploitation Probability Percentile (EPSS): 9.8
Exploitation Probability (EPSS): N/A
Affected packages and libraries: cpe:2.3:a:mintplexlabs:anythingllm
Sources: NVD
Linux: Severity CRITICAL, Has Fix, Added at Apr 09, 2026
Windows: Severity CRITICAL, Has Fix, Added at Apr 09, 2026
Wiz: CVE-2026-32715 Impact, Exploitability, and Mitigation Steps (blogs_wiz · CVSS 3.8)
CVE-2026-32715 [LOW]
## CVE-2026-32715: Homebrew vulnerability analysis and mitigation
Source: NVD
## Score 3.8
Published: March 16, 2026
Severity: LOW
CNA Score: 3.8
Affected Technologies: Homebrew, AnythingLLM
Has Public Exploit: Yes
Has CISA KEV Exploit: No
CISA KEV Release Date:
Published 2026-03-16