Skip to main content

AnythingLLM CVE-2026-55611

| EUVDEUVD-2026-39009 NONE
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-06-24 GitHub_M

Severity by source

Vendor (GitHub_M) PRIMARY
0.0 NONE
AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
vuln.today AI
6.5 MEDIUM

PR:H reflects mandatory manager/admin role; I:H and A:H reflect unconditional deletion of arbitrary users' parsed files; C:N as no read access is gained.

3.1 AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
4.0 AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
Jun 24, 2026 - 19:17 EUVD
Source Code Evidence Fetched
Jun 24, 2026 - 18:16 vuln.today
Analysis Generated
Jun 24, 2026 - 18:16 vuln.today

DescriptionCVE.org

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow still deletes the target file by primary key only, with no ownership check, inside two finally{} blocks that run even when the ownership-checked read fails. As a result a manager or admin (multi-user mode) can delete any other user's parsed file in any workspace - including workspaces they are not a member of - by enumerating integer fileIds. The server even returns "File not found" while still deleting the file. This vulnerability is fixed in 1.14.1.

AnalysisAI

{} blocks that fire unconditionally - even when the preceding ownership-checked read fails - scoping deletion only by raw primary key with no userId or workspaceId constraint. Versions 1.11.1 through 1.14.0 are affected; no public exploit or CISA KEV listing identified at time of analysis, though the fix commit confirms the root cause and makes exploitation trivially reproducible.

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate as manager or admin in multi-user mode
Delivery
Enumerate integer fileIds sequentially
Exploit
POST to /api/workspace/:slug/embed-parsed-file/:fileId
Execution
Ownership-checked read fails but finally{} block executes unconditionally
Persist
Delete issued by primary key only, no userId/workspaceId check
Impact
Victim's parsed files destroyed silently across all workspaces

Vulnerability AssessmentAI

Exploitation Exploitation requires an account with manager or admin role in AnythingLLM's multi-user mode - the vulnerability does not exist in single-user deployments. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS vector CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N contains a clear inconsistency: base metrics C:N/I:N/A:N imply zero real-world impact, which directly contradicts a vulnerability enabling arbitrary cross-user file deletion. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with manager or admin credentials in a multi-user AnythingLLM deployment iterates integer values of fileId in POST requests to /api/workspace/any-slug/embed-parsed-file/{fileId}, targeting files owned by other users or in workspaces they are not a member of. Each request silently deletes the corresponding parsed file record even though the server returns 'File not found,' providing no obvious indication to the victim or monitoring systems that deletion occurred. …
Remediation Upgrade AnythingLLM to version 1.14.1, which scopes the delete operation to both userId and workspaceId in addition to the fileId primary key, as confirmed by commits 34a42a33eaafe78b1e4020995ce8e9fd34d26c65 and 683fe3dfdc74b6d94c445a25bb0f2f218665a4c6. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2023-4899 HIGH POC
8.8 Sep 12

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high severity (CVSS 8.8), this vulne

CVE-2023-4898 HIGH POC
7.5 Sep 12

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high sev

CVE-2026-32626 CRITICAL
9.6 Mar 13

XSS in AnythingLLM 1.11.1 and earlier.

CVE-2026-32628 HIGH
7.7 Mar 13

SQL injection in AnythingLLM versions 1.11.1 and earlier enables authenticated users to execute arbitrary SQL commands a

CVE-2026-32617 HIGH
7.1 Mar 13

AnythingLLM versions 1.11.1 and earlier contain an authentication bypass vulnerability on default installations where th

CVE-2026-41318 MEDIUM
5.4 Apr 24

Stored DOM-level XSS in AnythingLLM's chart caption rendering allows authenticated users in shared workspaces to inject

CVE-2026-48789 MEDIUM
4.3 Jun 24

Path traversal in AnythingLLM's document folder listing endpoint on Windows allows authenticated low-privilege users to

CVE-2026-42456 MEDIUM
4.3 May 08

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

CVE-2026-32719 MEDIUM
4.2 Mar 13

AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import f

CVE-2026-32715 LOW
3.8 Mar 13

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

CVE-2026-32717 LOW
2.7 Mar 13

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

CVE-2026-47713 LOW
2.0 May 28

Stale mobile device tokens in AnythingLLM survive single-user to multi-user mode migration with a null userId, allowing

Share

CVE-2026-55611 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy