Skip to main content

AnythingLLM EUVDEUVD-2026-33069

| CVE-2026-47713 LOW
Improper Authorization (CWE-285)
2026-05-28 GitHub_M
2.0
CVSS 3.1 · GitHub Advisory

Severity by source

GitHub Advisory PRIMARY
2.0 LOW
AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

Primary rating from GitHub Advisory · only source for this CVE.

CVSS VectorGitHub Advisory

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Attack Vector
Network
Attack Complexity
High
Privileges Required
High
User Interaction
Required
Scope
Unchanged
Confidentiality
Low
Integrity
None
Availability
None

Lifecycle Timeline

3
Patch available
May 28, 2026 - 23:02 EUVD
Source Code Evidence Fetched
May 28, 2026 - 21:50 vuln.today
Analysis Generated
May 28, 2026 - 21:50 vuln.today

DescriptionGitHub Advisory

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user -> multi-user migration even when the device record has userId = null. In multi-user mode, that stale token is still accepted by the mobile authentication middleware. Because no user is attached to the request, downstream mobile handlers fall back to unscoped data-access branches and return workspaces and workspace content without per-user filtering. This permits a pre-migration mobile token to enumerate a workspace assigned only to another user and retrieve victim-owned thread metadata and chat content in multi-user mode. This vulnerability is fixed in 1.13.0.

AnalysisAI

Stale mobile device tokens in AnythingLLM survive single-user to multi-user mode migration with a null userId, allowing a pre-migration token holder to bypass per-user data filtering and access other users' workspace content. Affected are all AnythingLLM installations (cpe:2.3:a:mintplex-labs:anything-llm) prior to version 1.13.0 that have undergone a single-user to multi-user migration while mobile device tokens existed. An attacker retaining a previously approved mobile token can enumerate workspaces and retrieve thread metadata and chat history belonging to other users. No public exploit identified at time of analysis and this CVE is not listed in CISA KEV.

Technical ContextAI

AnythingLLM (Mintplex-Labs) is an LLM-context application with a mobile interface that uses device-based token authentication. In single-user mode, approved mobile device records are stored in the desktop_mobile_devices table with a userId column that may be null. The mobile authentication middleware accepts these tokens without validating userId presence, and downstream handlers contain unscoped data-access fallback branches that activate when no user is attached to the request - exposing workspace and chat data without per-user ACL enforcement. CWE-285 (Improper Authorization) precisely describes the root cause: the authorization model fails to enforce user-scoped access when the identity binding (userId) is null, rather than treating a null userId as an invalid or unauthorized state. The commit diff confirms the fix calls MobileDevice.migrateDevicesToMultiUser() during multi-user enablement, which reassigns all null-userId device records to the admin user, eliminating the orphaned token condition.

RemediationAI

Upgrade AnythingLLM to version 1.13.0, which introduces a MobileDevice.migrateDevicesToMultiUser() call during the single-user to multi-user migration flow. This reassigns all mobile device records with a null userId to the migrating admin user, eliminating orphaned tokens. The patch commit is available at https://github.com/Mintplex-Labs/anything-llm/commit/9d714f95c124b61df00b840e36f623a2eb7e7eb4 and the vendor advisory at https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-h349-hp2v-8rhw. As a compensating control for operators who cannot immediately upgrade, manually auditing and revoking all mobile device tokens in the desktop_mobile_devices table where userId IS NULL before or immediately after completing a single-user to multi-user migration will eliminate the vulnerable token state. Note that revoking tokens will force re-approval of legitimate mobile devices.

CVE-2023-4899 HIGH POC
8.8 Sep 12

SQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high severity (CVSS 8.8), this vulne

CVE-2023-4898 HIGH POC
7.5 Sep 12

Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high sev

CVE-2026-32626 CRITICAL
9.6 Mar 13

XSS in AnythingLLM 1.11.1 and earlier.

CVE-2026-32628 HIGH
7.7 Mar 13

SQL injection in AnythingLLM versions 1.11.1 and earlier enables authenticated users to execute arbitrary SQL commands a

CVE-2026-32617 HIGH
7.1 Mar 13

AnythingLLM versions 1.11.1 and earlier contain an authentication bypass vulnerability on default installations where th

CVE-2026-41318 MEDIUM
5.4 Apr 24

Stored DOM-level XSS in AnythingLLM's chart caption rendering allows authenticated users in shared workspaces to inject

CVE-2026-48789 MEDIUM
4.3 Jun 24

Path traversal in AnythingLLM's document folder listing endpoint on Windows allows authenticated low-privilege users to

CVE-2026-42456 MEDIUM
4.3 May 08

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

CVE-2026-32719 MEDIUM
4.2 Mar 13

AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import f

CVE-2026-32715 LOW
3.8 Mar 13

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

CVE-2026-32717 LOW
2.7 Mar 13

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti

CVE-2026-45403 LOW
2.0 May 28

Symlink following in the AnythingLLM agent filesystem copy tool (versions prior to 1.13.0) allows a highly-privileged au

Share

EUVD-2026-33069 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy