Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace because the route validates workspace membership but does not enforce ownership of the targeted chat row. As a result, an authenticated user can access another user's private assistant response in audio form if the chatId is known or guessed. This constitutes an insecure direct object reference (IDOR) affecting private chat response content exposed through the TTS endpoint. This issue has been patched in version 1.12.1.
Published: 2026-05-08
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AnythingLLM's TTS endpoint lets an authenticated workspace member retrieve spoken audio of another member's private chat response if the chat ID is known or guessed. The route verifies only workspace membership and performs no ownership check on the chat row, an IDOR that exposes confidential assistant responses in audio form. The result is that other members of the same workspace can hear private conversations they were never party to, compromising confidentiality.

Affected Systems

Mintplex-Labs' AnythingLLM, in all versions prior to 1.12.1, is affected. The flaw is in the GET /api/workspace/:slug/tts/:chatId route, so any deployment running an older version in which authenticated users can reach that route is exposed; 1.12.1 and later include the fix.

Risk and Exploitability

The CVSS 3.1 base score of 4.3 falls in the Medium range (4.0 to 6.9); the vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N reflects a network-reachable, low-complexity request that needs only an ordinary authenticated account and yields a limited confidentiality impact. The EPSS score is below 1%, indicating a very low estimated probability of exploitation in the wild, and the vulnerability is not listed in the CISA KEV catalog. Because the attack requires an account in the same workspace plus knowledge of the target chatId, the realistic threat is a malicious or compromised workspace member who enumerates chat IDs. No public exploit is known, but the abuse amounts to a single authenticated GET request with someone else's chatId, so prompt remediation is warranted.

Generated by OpenCVE AI on May 9, 2026 at 00:21 UTC.

Remediation

Vendor fix: upgrade to AnythingLLM 1.12.1 or later, which the CVE description identifies as the patched release. No workaround is listed.

OpenCVE Recommended Actions

  • Upgrade AnythingLLM to version 1.12.1 or later to apply the vendor fix.
  • Verify that the TTS endpoint enforces chat ownership and that only the chat author or authorized users can retrieve audio.
  • Monitor API usage for anomalous access patterns and restrict or disable the TTS endpoint if not needed in production environments.
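To make the membership-versus-ownership distinction from the description concrete, and to give the ownership check in the recommended actions something to verify against, here is an added JavaScript model of the route. It is illustrative code written for this page, not AnythingLLM's own handler; the in-memory tables, user and chat ids, helper names and the base64 stand-in for synthesized audio are all assumptions.

```javascript
// Added illustration, not AnythingLLM's own code: a minimal model of a
// workspace-scoped TTS route that checks workspace membership but not
// chat ownership (the IDOR described in this CVE), next to a hardened
// version that also scopes the chat lookup by the requesting user.
// Tables, ids, helper names and the audio stand-in are assumptions.

// Constructed sample data standing in for the database rows.
const workspaces = new Map([["acme", { id: 1, members: new Set([10, 11]) }]]);
const chats = new Map([
  [501, { id: 501, workspaceId: 1, userId: 10, response: "Alice's private answer" }],
  [502, { id: 502, workspaceId: 1, userId: 11, response: "Bob's private answer" }],
]);

// Stand-in for the TTS provider: deterministic bytes derived from the text.
function synthesize(text) {
  return Buffer.from(text, "utf8").toString("base64");
}

// Shared prefix of both handlers: resolve the workspace and check membership.
function resolveWorkspace(req) {
  const ws = workspaces.get(req.params.slug);
  if (!ws) return { status: 404, error: "workspace not found" };
  if (!ws.members.has(req.user.id)) return { status: 403, error: "not a member" };
  return { status: 200, ws };
}

// Vulnerable: the chat row is looked up by id and workspace only, so any
// member of the workspace can request any chatId inside that workspace.
function ttsVulnerable(req) {
  const r = resolveWorkspace(req);
  if (r.status !== 200) return r;
  const chat = chats.get(Number(req.params.chatId));
  if (!chat || chat.workspaceId !== r.ws.id) return { status: 404, error: "chat not found" };
  return { status: 200, audio: synthesize(chat.response) };
}

// Hardened: the lookup is scoped by workspace AND the requesting user's id.
// A row the caller does not own is reported exactly like a missing row, so
// the response does not confirm that someone else's chatId exists.
function ttsFixed(req) {
  const r = resolveWorkspace(req);
  if (r.status !== 200) return r;
  const chat = chats.get(Number(req.params.chatId));
  const owned = chat && chat.workspaceId === r.ws.id && chat.userId === req.user.id;
  if (!owned) return { status: 404, error: "chat not found" };
  return { status: 200, audio: synthesize(chat.response) };
}

// Cross-user probe usable against either handler: by default Bob (id 11)
// asks for a chat inside the "acme" workspace.
function probe(handler, chatId, userId = 11) {
  return handler({ user: { id: userId }, params: { slug: "acme", chatId: String(chatId) } });
}

// Demonstration when run directly with node.
if (typeof require !== "undefined" && require.main === module) {
  console.log("vulnerable:", probe(ttsVulnerable, 501)); // leaks Alice's response
  console.log("fixed:     ", probe(ttsFixed, 501));      // 404, nothing disclosed
  console.log("fixed own: ", probe(ttsFixed, 502));      // audio for Bob's own chat
}
```

The probe calls show the vulnerable handler returning audio for chat 501 to user 11, while the fixed handler returns 404 for the same request and still serves Bob his own chat 502. Returning 404 rather than 403 for a chat the caller does not own avoids confirming that the id exists, which matters when ids are guessable. In a real deployment the equivalent of the `owned` test is a query whose WHERE clause includes both the workspace id and the requesting user's id, so a row that is not the caller's never comes back from the database at all.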

Generated by OpenCVE AI on May 9, 2026 at 00:21 UTC.

Advisories

No advisories yet.

History

Sat, 09 May 2026 01:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared  -                Mintplexlabs; Mintplexlabs anything-llm
Vendors & Products   -                Mintplexlabs; Mintplexlabs anything-llm

Fri, 08 May 2026 23:15:00 +0000

Type         Values Removed   Values Added
Description  -                AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace because the route validates workspace membership but does not enforce ownership of the targeted chat row. As a result, an authenticated user can access another user's private assistant response in audio form if the chatId is known or guessed. This constitutes an insecure direct object reference (IDOR) affecting private chat response content exposed through the TTS endpoint. This issue has been patched in version 1.12.1.
Title        -                AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR)
Weaknesses   -                CWE-200; CWE-639
References   -                (none)
Metrics      -                cvssV3_1 {'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-08T23:01:30.213Z

Reserved: 2026-04-27T13:55:58.693Z

Link: CVE-2026-42456

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-08T23:16:39.230

Modified: 2026-05-08T23:16:39.230

Link: CVE-2026-42456

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-09T01:15:06Z

Weaknesses