Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key.
Published: 2026-03-13
Score: 3.8 Low
EPSS: < 1% Very Low
KEV: No
Impact: Privilege Escalation
Action: Patch
AI Analysis

Impact

The vulnerability in AnythingLLM allows a manager user to bypass intended role restrictions and access or modify settings that should be restricted to administrators. By calling generic system-preferences endpoints that incorrectly allow manager role access, the attacker can read plaintext SQL database credentials and overwrite vital global configurations such as the default system prompt and the Community Hub API key. This results in a breach of confidentiality (credential disclosure) and integrity (alteration of system settings), as identified by CWE-863.

Affected Systems

Products: Mintplex-Labs AnythingLLM; Versions: 1.11.1 and earlier. The affected CPE string is cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*.

Risk and Exploitability

The CVSS score of 3.8 indicates low to moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Attackers would need to have an authenticated manager session and could exploit the flaw by sending HTTP requests to the generic system-preferences endpoints; the likely vector is internal or local network access.

Generated by OpenCVE AI on March 16, 2026 at 23:03 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AnythingLLM to the latest release that no longer exposes the privileged system-preferences endpoints to manager roles.
  • Review and tighten role‑based permissions so manager users cannot call admin‑only endpoints.
  • Implement network segmentation to isolate manager accounts from accessing sensitive API endpoints.
  • Regularly review vendor advisories and apply any new patches or configuration updates.

Generated by OpenCVE AI on March 16, 2026 at 23:03 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Mintplexlabs anythingllm
CPEs cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
Vendors & Products Mintplexlabs anythingllm

Mon, 16 Mar 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type Values Removed Values Added
First Time appeared Mintplexlabs
Mintplexlabs anything-llm
Vendors & Products Mintplexlabs
Mintplexlabs anything-llm

Fri, 13 Mar 2026 21:45:00 +0000

Type Values Removed Values Added
Description AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key.
Title AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences
Weaknesses CWE-863
References
Metrics cvssV3_1

{'score': 3.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N'}

Subscriptions

Mintplexlabs Anything-llm Anythingllm
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T16:46:00.551Z

Reserved: 2026-03-13T14:33:42.824Z

Link: CVE-2026-32715

cve-icon Vulnrichment

Updated: 2026-03-16T16:45:51.881Z

cve-icon NVD

Status : Analyzed

Published: 2026-03-16T14:19:42.493

Modified: 2026-03-16T20:00:30.100

Link: CVE-2026-32715

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-23T13:39:17Z

Weaknesses