Skip to main content

Anything Llm CVE-2026-42456

MEDIUM
Information Exposure (CWE-200)
2026-05-08 GitHub_M
4.3
CVSS 3.1 · GitHub Advisory
Share

Severity by source

GitHub Advisory PRIMARY
4.3 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

1
CVE Published
May 08, 2026 - 23:01 nvd
MEDIUM 4.3

DescriptionGitHub Advisory

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace because the route validates workspace membership but does not enforce ownership of the targeted chat row. As a result, an authenticated user can access another user's private assistant response in audio form if the chatId is known or guessed. This constitutes an insecure direct object reference (IDOR) affecting private chat response content exposed through the TTS endpoint. This issue has been patched in version 1.12.1.

Analysis

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace because the route validates workspace membership but does not enforce ownership of the targeted chat row. As a result, an authenticated user can access another user's private assistant response in audio form if the chatId is known or guessed. This constitutes an insecure direct object reference (IDOR) affecting private chat response content exposed through the TTS endpoint. This issue has been patched in version 1.12.1.

CVE-2023-4899 HIGH POC
8.8 Sep 12

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high severity (CVSS 8.8), this vulne

CVE-2023-4898 HIGH POC
7.5 Sep 12

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high sev

CVE-2026-32626 CRITICAL
9.6 Mar 13

XSS in AnythingLLM 1.11.1 and earlier.

CVE-2026-32628 HIGH
7.7 Mar 13

SQL injection in AnythingLLM versions 1.11.1 and earlier enables authenticated users to execute arbitrary SQL commands a

CVE-2026-32617 HIGH
7.1 Mar 13

AnythingLLM versions 1.11.1 and earlier contain an authentication bypass vulnerability on default installations where th

CVE-2026-41318 MEDIUM
5.4 Apr 24

Stored DOM-level XSS in AnythingLLM's chart caption rendering allows authenticated users in shared workspaces to inject

CVE-2026-48789 MEDIUM
4.3 Jun 24

Path traversal in AnythingLLM's document folder listing endpoint on Windows allows authenticated low-privilege users to

CVE-2026-32719 MEDIUM
4.2 Mar 13

AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import f

CVE-2026-32715 LOW
3.8 Mar 13

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

CVE-2026-32717 LOW
2.7 Mar 13

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

CVE-2026-47713 LOW
2.0 May 28

Stale mobile device tokens in AnythingLLM survive single-user to multi-user mode migration with a null userId, allowing

CVE-2026-45403 LOW
2.0 May 28

Symlink following in the AnythingLLM agent filesystem copy tool (versions prior to 1.13.0) allows a highly-privileged au

Share

CVE-2026-42456 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy