
Mintplex-Labs Anything-Llm vulnerabilities

17 known vulnerabilities affecting mintplex-labs/anything-llm.

Total CVEs: 17
CISA KEV: 0
Public exploits: 2
Exploited in wild: 1
Severity breakdown: CRITICAL 1, HIGH 6, MEDIUM 6, LOW 3

Vulnerabilities

Each entry lists: CVE ID | priority | severity | CVSS score | exploit flags ("-" if none) | fixed-in or affected version | date, followed by the advisory summary and its source.

CVE-2026-24477 | P1 | HIGH | CVSS 7.5 | Exploited, PoC | fixed in 1.10.0 | 2026-01-27
[HIGH] CWE-201: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage
Source: nvd

CVE-2026-48116 | P3 | HIGH | CVSS 8.8 | - | fixed in 1.13.0 | 2026-05-28
[HIGH] CWE-77: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. ripgrep parses any argument that starts with - as an o
Source: nvd

CVE-2026-21484 | P3 | MEDIUM | CVSS 5.3 | PoC | fixed in e287fab56089cf8fcea9ba579a3ecdeca0daa313 | 2026-01-03
[MEDIUM] CWE-203: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling username enumeration. Commit e287fab56089cf8fcea9ba57
Source: nvd

CVE-2026-32628 | P3 | HIGH | CVSS 8.8 | - | ≤ 1.11.1 | 2026-03-16
[HIGH] CWE-89: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three d
Source: nvd

CVE-2026-32626 | P3 | CRITICAL | CVSS 9.6 | - | ≤ 1.11.1 | 2026-03-16
[CRITICAL] CWE-79: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS due to insecure Electron configuration. This works w
Source: nvd

CVE-2026-24478 | P3 | HIGH | CVSS 7.2 | - | fixed in 1.10.0 | 2026-01-27
[HIGH] CWE-22: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin (or an attacker who can convince an admin to configure a malicious DrupalWiki URL) to write arbitrary files to
Source: nvd

CVE-2026-32617 | P3 | HIGH | CVSS 7.5 | - | ≤ 1.11.1 | 2026-03-16
[HIGH] CWE-942: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the server's CORS policy accepts any origin. AnythingLLM Deskto
Source: nvd

CVE-2024-22422 | P3 | HIGH | CVSS 7.5 | - | fixed in 08d33cfd8 | 2024-01-19
[HIGH] CWE-754: AnythingLLM is an application that turns any document, resource, or piece of content into context that any LLM can use as references during chatting. In versions prior to commit `08d33cfd8` an unauthenticated API route (file export) can allow an attacker to crash the server, resulting in a denial of service attack. The “data-export” endpoint is used to ex
Source: nvd

CVE-2026-32719 | P3 | MEDIUM | CVSS 6.4 | - | ≤ 1.11.1 | 2026-03-16
[MEDIUM] CWE-22: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file
Source: nvd

CVE-2026-41318 | P4 | MEDIUM | CVSS 5.4 | - | fixed in 1.12.1 | 2026-04-24
[MEDIUM] CWE-79: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's `alt` text into an HTML `alt="..."` attribute without any HTML encoding. Every call-sit
Source: nvd

CVE-2026-42456 | P4 | MEDIUM | CVSS 4.3 | - | fixed in 1.12.1 | 2026-05-08
[MEDIUM] CWE-200: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace because the route validates workspace membership but does
Source: nvd

CVE-2026-48789 | P4 | MEDIUM | CVSS 4.3 | - | fixed in 1.13.0 | 2026-06-24
[MEDIUM] CWE-22: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared path containment helper rejects POSIX-style "../" trav
Source: nvd

CVE-2026-47713 | P4 | MEDIUM | CVSS 4.3 | - | fixed in 1.13.0 | 2026-05-28
[MEDIUM] CWE-285: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user -> multi-user migration even when the device record has userId = null. In multi-user mode, that stale token is still accepted
Source: nvd

CVE-2026-32715 | P4 | LOW | CVSS 3.8 | - | ≤ 1.11.1 | 2026-03-16
[LOW] CWE-863: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call
Source: nvd

CVE-2026-55611 | P4 | UNKNOWN | CVSS 0.0 | - | fixed in 1.14.1 | 2026-06-24
[NONE] CWE-639: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow still deletes the target file by primary key only, with n
Source: nvd

CVE-2026-45403 | P4 | LOW | CVSS 2.5 | - | fixed in 1.13.0 | 2026-05-28
[LOW] CWE-59: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child entries using fs.stat() and copies files with fs.copyFile() w
Source: nvd

CVE-2026-32717 | P4 | LOW | CVSS 2.7 | - | ≤ 1.11.1 | 2026-03-16
[LOW] CWE-863: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it does not block them on the browser extension API key path. If a user already has a valid brx-... browser e
Source: nvd