Anyquery CVE-2026-54629
HIGHSeverity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Unauthenticated MySQL-protocol client reads arbitrary files with trivial SQL, so AV:N/AC:L/PR:N/UI:N and C:H; no integrity or availability impact and no scope change.
Primary rating from GitHub Advisory.
CVSS VectorGitHub Advisory
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Lifecycle Timeline
3DescriptionGitHub Advisory
Summary
Anyquery's server mode lacks input sanitization and access control over its built-in SQLite virtual table modules (e.g., csv_reader, log_reader). Unauthenticated attackers connecting to the MySQL-compatible server port can create virtual tables pointing to local files on the system (e.g., /etc/passwd, ~/.ssh/id_rsa). This allows full Local File Read (LFR) capabilities, compromising sensitive system configurations and credentials.
Details
Anyquery utilizes the hashicorp/go-getter library within its data ingestion modules. When Anyquery is launched in Server Mode (anyquery server), it binds to a TCP port and accepts MySQL protocol connections. The server handler does not restrict the usage of these virtual table modules to safe directories. An attacker can connect to the server and execute native SQLite virtual table creation queries to instantiate modules like csv_reader pointing to restricted files. Because the file read operation is initiated by the Anyquery server process, the attacker can read any file the process has access to.
PoC (Proof of Concept)
- Start the server on the victim machine:
anyquery server --host 0.0.0.0 --port 8070- Connect from an attacker machine:
mysql -u root -h <VICTIM_IP> -P 8070- Execute the following payload to read
/etc/passwd:
CREATE VIRTUAL TABLE passwd USING csv_reader('/etc/passwd');
SELECT * FROM passwd;Impact
- Confidentiality: High. Complete compromise of local file system confidentiality.
- Integrity: None.
- Availability: None.
- CVSS Score: 7.5 (High) -
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Remediation
Implement a sandboxing mechanism in Server Mode (e.g., a --restrict-paths flag) to limit read_* operations to designated directories.
AnalysisAI
Local File Read in Anyquery's Server Mode lets unauthenticated network attackers exfiltrate arbitrary files (e.g. /etc/passwd, ~/.ssh/id_rsa) readable by the server process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Requires Anyquery to be running in Server Mode (`anyquery server`) and the MySQL-compatible TCP port (e.g. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS vector (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N = 7.5) describes a low-complexity, network-reachable, unauthenticated read of high-confidentiality data with no integrity or availability impact, and a published PoC confirms exploitation is trivial once the port is reachable. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An operator exposes Anyquery Server Mode on a routable interface (`anyquery server --host 0.0.0.0 --port 8070`). An unauthenticated attacker connects with a standard MySQL client (`mysql -u root -h VICTIM -P 8070`) and runs `CREATE VIRTUAL TABLE passwd USING csv_reader('/etc/passwd'); SELECT * FROM passwd;` to read the file, then repeats against ~/.ssh/id_rsa and other secrets to harvest credentials. … |
| Remediation | Vendor-released patch: upgrade to Anyquery 0.4.5, which the vendor states adds sandboxing to Server Mode (commit 27f84fc adds sandboxing referenced against the related server-mode CVEs). … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: identify all systems running Anyquery in server mode; immediately implement firewall rules restricting access to trusted administrative networks only; disable server mode if not operationally essential. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Credential-harvesting malware compromised 84 versions of 42 TanStack npm packages on 2026-05-11 via chained GitHub Actio
HashiCorp Terraform’s Vault Provider (terraform-provider-vault) did not correctly configure GCE-type bound labels for Va
An XML external entity (XXE) vulnerability in the Password Vault Web Access (PVWA) of CyberArk Enterprise Password Vault
PhotoRange Photo Vault 1.2 appends the password to the URI for authorization, which makes it easier for remote attackers
The REST API in CyberArk Password Vault Web Access before 9.9.5 and 10.x before 10.1 allows remote attackers to execute
Account takeover in self-hosted Bitwarden Server before 2026.6.0 lets a low-privileged organization member steal any oth
vault-cli is a configurable command-line interface tool (and python library) to interact with Hashicorp Vault. Rated cri
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 is missing validation for a client-provided parameter, w
The SRP-6a implementation in Kee Vault KeePassRPC before 1.12.0 generates insufficiently random numbers, which allows re
HashiCorp Vagrant VMware Fusion plugin (aka vagrant-vmware-fusion) before 4.0.24 uses weak permissions for the sudo help
Atlantis is a self-hosted golang application that listens for Terraform pull request events via webhooks. Rated high sev
Coder allows organizations to provision remote development environments via Terraform. Rated high severity (CVSS 8.1), t
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
GHSA-mf78-3rpf-r784