Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL) constructs SQL queries using direct string concatenation of the table_name parameter without sanitization or parameterization.
Published: 2026-03-13
Score: 7.7 High
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary SQL Execution
Action: Apply Patch
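The weakness described above is identifier concatenation. An added example, not AnythingLLM's own code, of how a getTableSchemaSql-style helper can be hardened: the table name is validated against a strict identifier shape, then passed as a bound parameter for the information_schema lookup and, where it must appear as an identifier, quoted with the dialect's delimiter. The dialect names, the returned columns and the function signatures are assumptions for illustration.

```javascript
// Added example (not AnythingLLM's code): hardened table_name handling for
// a schema-lookup helper. Dialect names and column list are assumptions.
const IDENT_RE = /^[A-Za-z_][A-Za-z0-9_]{0,62}$/; // plain identifiers only

// Reject anything that is not a bare identifier before it reaches SQL.
// A stronger check, not shown, is an allow-list of tables read from the
// live connection; this regex is the minimum the helper should enforce.
function assertIdentifier(name) {
  if (typeof name !== "string" || !IDENT_RE.test(name)) {
    throw new Error(`rejected table name ${JSON.stringify(name)}`);
  }
  return name;
}

// Schema lookup: here the table name is a data value, so it is bound as a
// parameter. The statement text never contains user input.
function getTableSchemaSql(dialect, tableName) {
  const name = assertIdentifier(tableName);
  const select = "SELECT column_name, data_type FROM information_schema.columns";
  switch (dialect) {
    case "mysql":
      return { sql: `${select} WHERE table_name = ? AND table_schema = DATABASE()`, params: [name] };
    case "postgresql":
      return { sql: `${select} WHERE table_name = $1 AND table_schema = current_schema()`, params: [name] };
    case "mssql":
      return { sql: `${select} WHERE table_name = @table`, params: { table: name } };
    default:
      throw new Error(`unsupported dialect ${dialect}`);
  }
}

// Where the name must be an identifier (e.g. a FROM clause) it cannot be
// bound; validate it first, then wrap it in the dialect's delimiter. The
// regex above already excludes the delimiter characters themselves.
function quoteIdentifier(dialect, name) {
  assertIdentifier(name);
  switch (dialect) {
    case "mysql": return "`" + name + "`";
    case "postgresql": return '"' + name + '"';
    case "mssql": return "[" + name + "]";
    default: throw new Error(`unsupported dialect ${dialect}`);
  }
}
```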
AI Analysis

Impact

AnythingLLM version 1.11.1 and earlier contain a SQL injection flaw in the built-in SQL Agent plugin. The getTableSchemaSql() method concatenates the user-supplied table_name parameter directly into SQL statements for the MySQL, PostgreSQL, and MSSQL connectors without sanitization or parameterization. This allows an attacker who can invoke the agent to execute arbitrary SQL commands on any database the application is connected to, potentially compromising the confidentiality, integrity, and availability of that data. The weakness is classified as CWE-89, SQL Injection.

Affected Systems

The affected system is the AnythingLLM application from Mintplex-Labs. Versions 1.11.1 and earlier are vulnerable. The relevant CPE is cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*. Users should verify their installed version and vendor name against the product specifications.

Risk and Exploitability

The vulnerability has a CVSS score of 7.7, indicating high severity, but an EPSS score of less than 1% suggests a low probability of exploitation at present. It is not listed in the CISA KEV catalog. The likely attack vector is through the agent's API or user interface; any user with the ability to invoke the agent can supply a malicious table_name value. The impact is limited to the database(s) that the agent connects to, but could be significant if sensitive data lies there.

Generated by OpenCVE AI on March 16, 2026 at 23:43 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Verify your AnythingLLM installation version; if it is 1.11.1 or older, the system is vulnerable.
  • Upgrade AnythingLLM to the latest released version that includes the fix (refer to the vendor advisory for the specific version number).
  • If upgrading is not immediately possible, disable or restrict access to the SQL Agent plugin or limit user permissions so that only trusted users can invoke it.
  • Monitor the vendor’s security channel for additional advisories or patches.

Generated by OpenCVE AI on March 16, 2026 at 23:43 UTC.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 20:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Mintplexlabs anythingllm
CPEs                |                | cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
Vendors & Products  |                | Mintplexlabs anythingllm
Metrics             |                | cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


Mon, 16 Mar 2026 16:15:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Mon, 16 Mar 2026 10:15:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Mintplexlabs; Mintplexlabs anything-llm
Vendors & Products  |                | Mintplexlabs; Mintplexlabs anything-llm

Fri, 13 Mar 2026 21:15:00 +0000

Type        | Values Removed | Values Added
Description |                | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL) constructs SQL queries using direct string concatenation of the table_name parameter without sanitization or parameterization.
Title       |                | AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter
Weaknesses  |                | CWE-89
References  |                |
Metrics     |                | cvssV4_0 {'score': 7.7, 'vector': 'CVSS:4.0/AV:N/AC:H/AT:P/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T15:41:05.437Z

Reserved: 2026-03-12T15:29:36.558Z

Link: CVE-2026-32628

Vulnrichment

Updated: 2026-03-16T15:31:37.226Z

NVD

Status: Analyzed

Published: 2026-03-16T14:19:40.447

Modified: 2026-03-16T20:33:27.493

Link: CVE-2026-32628

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:39:32Z

Weaknesses