Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue.
Published: 2026-01-26
Score: 8.7 High
EPSS: 11.2% Moderate
KEV: No
Impact: Data theft and loss of control over the vector database
Action: Immediate Patch
AI Analysis

Impact

AnythingLLM versions before 1.10.0 expose the Qdrant API key in plain text through the /api/setup-complete endpoint when the application is configured to use Qdrant with an API key. The exposed key grants an attacker full read and write access to the Qdrant vector database, which often holds the core knowledge base for retrieval-augmented generation. An unauthenticated attacker can therefore compromise the semantic search functionality, exfiltrate uploaded documents, and potentially tamper with the integrity of the stored data. The weakness is classified as CWE-201 (Insertion of Sensitive Information Into Sent Data).

Affected Systems

The affected system is AnythingLLM from Mintplex-Labs, any version prior to 1.10.0 that uses Qdrant as the vector database and has an API key configured. The issue applies to all deployments where the /api/setup-complete endpoint is publicly accessible.

Risk and Exploitability

With a CVSS score of 8.7, the vulnerability is rated high severity. The EPSS score of 11% indicates a moderate likelihood of exploitation in the near future. The vulnerability is not listed in CISA's KEV catalog, but the exposure of database credentials enables direct remote compromise of the underlying data store and potentially of the application. Exploitation requires only an unauthenticated request to the /api/setup-complete endpoint, which can be sent from any network that can reach it. If the API key is valid, the attacker immediately gains read and write access to the database.

Generated by OpenCVE AI on April 15, 2026 at 21:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AnythingLLM to version 1.10.0 or later, which removes the credential leak from the /api/setup-complete endpoint.
  • If an upgrade is not immediately possible, enforce network restrictions so that only trusted IPs can access the /api/setup-complete endpoint and rotate or revoke the exposed Qdrant API key.
  • Configure Qdrant to require authentication for all API calls and double-check that the endpoint access policy rejects unauthenticated requests.

Advisories

No advisories yet.

History

Fri, 03 Apr 2026 15:15:00 +0000

Type: Metrics (ssvc)
Values Removed: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}
Values Added: {'options': {'Automatable': 'yes', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 28 Jan 2026 16:00:00 +0000

Type: First Time appeared
Values Added: Mintplexlabs anythingllm
Type: CPEs
Values Added: cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
Type: Vendors & Products
Values Added: Mintplexlabs anythingllm
Type: Metrics (cvssV3_1)
Values Added: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Tue, 27 Jan 2026 22:15:00 +0000

Type: Metrics (ssvc)
Values Added: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 27 Jan 2026 09:15:00 +0000

Type: First Time appeared
Values Added: Mintplexlabs; Mintplexlabs anything-llm
Type: Vendors & Products
Values Added: Mintplexlabs; Mintplexlabs anything-llm

Mon, 26 Jan 2026 23:30:00 +0000

Type: Description
Values Added: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue.
Type: Title
Values Added: AnythingLLM has key leak in `systemSettings.js`
Type: Weaknesses
Values Added: CWE-201
Type: References
Type: Metrics (cvssV4_0)
Values Added: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-04-03T13:16:06.910Z

Reserved: 2026-01-23T00:38:20.547Z

Link: CVE-2026-24477

Vulnrichment

Updated: 2026-01-27T21:30:40.435Z

NVD

Status: Analyzed

Published: 2026-01-27T00:15:51.150

Modified: 2026-01-28T15:59:06.483

Link: CVE-2026-24477

Red Hat

No data.

OpenCVE Enrichment

Updated: 2026-04-15T21:45:14Z

Weaknesses