Anyquery CVE-2026-54628
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Unauthenticated network-reachable listener (PR:N, AV:N, AC:L); SSRF pivots to other systems (S:C) with High confidentiality from credential/data theft and Low integrity via state-changing internal API calls.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
Anyquery's server mode does not restrict outbound HTTP requests initiated by its built-in SQLite virtual table modules (e.g., json_reader, log_reader). Unauthenticated attackers connecting to the MySQL-compatible server port can create virtual tables pointing to internal network endpoints or Cloud Metadata IPs (e.g., http://169.254.169.254/latest/meta-data/). This allows attackers to perform Server-Side Request Forgery (SSRF), bypassing external firewalls to scan internal ports and exfiltrate cloud credentials.
Details
When Anyquery is launched in Server Mode (anyquery server), it binds to a TCP port and accepts MySQL protocol connections. The server handler allows the creation of dynamic virtual tables using modules like json_reader or log_reader, which internally use go-getter to fetch URLs. There is no protection mechanism to prevent fetches to local (127.0.0.0/8), private (10.0.0.0/8), or special (169.254.169.254) IP addresses.
An attacker can use this to map internal networks, interact with internal APIs, or steal IAM tokens from cloud metadata servers by fetching the data and reading it as a database table.
PoC (Proof of Concept)
- Start the server on the victim machine (e.g., an AWS EC2 instance):
anyquery server --host 0.0.0.0 --port 8070- Connect from an attacker machine:
mysql -u root -h <VICTIM_IP> -P 8070- Execute the payload to fetch AWS Metadata or hit a local API:
-- Payload 1: Fetch AWS Cloud Metadata (IAM credentials)
CREATE VIRTUAL TABLE aws_meta USING log_reader('http://169.254.169.254/latest/meta-data/');
SELECT * FROM aws_meta;
-- Payload 2: Access an internal application bound only to localhost
CREATE VIRTUAL TABLE local_admin USING log_reader('http://localhost:8000/admin');
SELECT * FROM local_admin LIMIT 10;Impact
- Confidentiality: High. Exfiltration of sensitive internal network data or cloud credentials.
- Integrity: Low. Possible interaction with state-changing internal REST APIs.
- Availability: None.
- CVSS Score: 8.6 (High) -
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
Remediation
By default, in Server Mode, remote HTTP fetches to local/private IP ranges and known Cloud Metadata IP addresses should be blocked unless explicitly enabled via configuration.
AnalysisAI
Server-Side Request Forgery in Anyquery's server mode (versions < 0.4.5) lets remote attackers who reach the MySQL-compatible listener force the server to fetch arbitrary URLs through its built-in SQLite virtual table modules (json_reader, log_reader), which internally use go-getter. Because the server accepts MySQL connections without authentication and applies no allow/deny list on fetch targets, an attacker can CREATE VIRTUAL TABLE against internal endpoints or the cloud metadata IP (169.254.169.254) and read the response as a table, bypassing external firewalls to scan internal services and exfiltrate cloud IAM credentials. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | The attacker must be able to reach the Anyquery server-mode MySQL listener (started via 'anyquery server', e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The provided CVSS 3.1 vector (AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N, base 8.6) describes a network-reachable, low-complexity, unauthenticated attack with a scope change reflecting the pivot from the Anyquery process into other systems (internal APIs, cloud metadata) - a coherent and credible profile for classic SSRF-to-metadata. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An operator runs 'anyquery server --host 0.0.0.0 --port 8070' on an AWS EC2 instance to allow remote querying. An attacker who can reach that port connects with an unauthenticated MySQL client, issues CREATE VIRTUAL TABLE aws_meta USING log_reader('http://169.254.169.254/latest/meta-data/iam/security-credentials/'), and SELECTs the resulting table to read temporary IAM credentials, then reuses the same technique against http://localhost:8000/admin and internal ranges to pivot. … |
| Remediation | Vendor-released patch: 0.4.5 - upgrade Anyquery to 0.4.5 or later, which the release notes describe as adding server sandboxing for the security advisories including GHSA-hwrq-8wxh-q4xv (https://github.com/julien040/anyquery/releases/tag/0.4.5). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours, inventory all Anyquery deployments identifying instances running in server mode (versions < 0.4.5), immediately restrict MySQL listener access to trusted hosts only via firewall rules, and block all outbound connections to 169.254.169.254 (cloud metadata service). …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-284 – Improper Access Control
View allSame technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-hwrq-8wxh-q4xv