Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user -> multi-user migration even when the device record has userId = null. In multi-user mode, that stale token is still accepted by the mobile authentication middleware. Because no user is attached to the request, downstream mobile handlers fall back to unscoped data-access branches and return workspaces and workspace content without per-user filtering. This permits a pre-migration mobile token to enumerate a workspace assigned only to another user and retrieve victim-owned thread metadata and chat content in multi-user mode. This vulnerability is fixed in 1.13.0.
Published: 2026-05-28
Score: 2 Low
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker who possesses a mobile device token created before a migration from single‑user to multi‑user mode to access data that should be restricted to another user. The token remains valid even though its device record has no associated user, and the authentication middleware accepts it in multi‑user mode. Because downstream handlers interpret the request as unscoped, they disclose workspace listings, thread metadata and chat content belonging to other users. This flaw is rooted in improper access control and the failure to enforce user scoping after mode change, as reflected by the related CWE identifiers.
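The scoping failure described above, reduced to an illustrative reconstruction (added here; this is not AnythingLLM's code, and the device/workspace records, the `multiUserMode` flag and the function names are constructed for the example). It places the weak middleware/handler pattern beside a hardened form that rejects a user-less device token in multi-user mode, plus a check an operator can run over device records to find tokens that would be accepted without a user after migration.

```javascript
// Constructed sample data (not from the project): one device approved before the
// migration (userId null), one bound to user 2, and workspaces owned by users 1 and 2.
const devices = [
  { token: 'tok-legacy', approved: true, userId: null }, // pre-migration device record
  { token: 'tok-bob',    approved: true, userId: 2 },
];
const workspaces = [
  { id: 10, name: 'alice-private', ownerIds: [1] },
  { id: 11, name: 'bob-notes',     ownerIds: [2] },
];

// Weak pattern: any approved device token passes, even with no bound user, and the
// handler falls back to an unscoped query when no user is attached to the request.
function authVulnerable(token) {
  const device = devices.find((d) => d.token === token && d.approved);
  if (!device) return null;
  return { user: device.userId === null ? null : { id: device.userId } };
}
function listWorkspacesVulnerable(req) {
  if (!req.user) return workspaces.map((w) => w.id);               // unscoped branch
  return workspaces.filter((w) => w.ownerIds.includes(req.user.id)).map((w) => w.id);
}

// Hardened pattern: in multi-user mode a device record with userId null is rejected at
// authentication, and the handler refuses to serve an unscoped result in that mode.
function authHardened(token, multiUserMode) {
  const device = devices.find((d) => d.token === token && d.approved);
  if (!device) return null;
  if (multiUserMode && device.userId === null) return null;       // stale legacy token
  return { user: device.userId === null ? null : { id: device.userId } };
}
function listWorkspacesHardened(req, multiUserMode) {
  if (multiUserMode && (!req || !req.user)) {
    throw new Error('no user attached to request in multi-user mode');
  }
  if (!req.user) return workspaces.map((w) => w.id);               // single-user mode only
  return workspaces.filter((w) => w.ownerIds.includes(req.user.id)).map((w) => w.id);
}

// Operator check: approved device records with no bound user are the tokens that should
// be invalidated (or re-bound) before or immediately after enabling multi-user mode.
function findOrphanedDeviceTokens(deviceRecords) {
  return deviceRecords.filter((d) => d.approved && d.userId === null).map((d) => d.token);
}
```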

Affected Systems

Mintplex‑Labs AnythingLLM versions earlier than 1.13.0 are vulnerable. The issue was specifically observed in deployments that performed a single‑user to multi‑user migration while legacy device tokens remained in circulation.

Risk and Exploitability

The CVSS score of 2 indicates a low overall severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog. Attackers would need possession of a pre‑migration mobile token, which can be obtained by any party that managed a device before the migration. Once a token is in hand, the exploitation process is straightforward: the attacker authenticates with the token and can retrieve unfiltered data belonging to other users. The high potential for data disclosure is limited by the low CVSS and the lack of a publicly disclosed exploit, but the risk remains significant for organizations that have not yet updated to a patched release.

Generated by OpenCVE AI on May 28, 2026 at 22:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update AnythingLLM to version 1.13.0 or later.
  • Invalidate or delete all device tokens that were created before the migration to multi‑user mode.
  • Require re‑authentication for all users to generate new tokens and verify that no old tokens exist in the system.



Advisories

No advisories yet.

History

Fri, 29 May 2026 17:30:00 +0000

Type    | Values Removed | Values Added
Metrics |                | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 28 May 2026 22:45:00 +0000

Type                | Values Removed | Values Added
First Time appeared |                | Mintplexlabs; Mintplexlabs anything-llm
Vendors & Products  |                | Mintplexlabs; Mintplexlabs anything-llm

Thu, 28 May 2026 21:30:00 +0000

Type        | Values Removed | Values Added
Description |                | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user -> multi-user migration even when the device record has userId = null. In multi-user mode, that stale token is still accepted by the mobile authentication middleware. Because no user is attached to the request, downstream mobile handlers fall back to unscoped data-access branches and return workspaces and workspace content without per-user filtering. This permits a pre-migration mobile token to enumerate a workspace assigned only to another user and retrieve victim-owned thread metadata and chat content in multi-user mode. This vulnerability is fixed in 1.13.0.
Title       |                | AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration
Weaknesses  |                | CWE-285; CWE-639
References  |                |
Metrics     |                | cvssV3_1 {'score': 2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N'}


Subscriptions

Mintplexlabs Anything-llm
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-29T14:48:59.134Z

Reserved: 2026-05-19T21:29:25.482Z

Link: CVE-2026-47713

Vulnrichment

Updated: 2026-05-29T14:48:54.176Z

NVD

Status : Undergoing Analysis

Published: 2026-05-28T22:17:01.250

Modified: 2026-05-29T16:16:31.353

Link: CVE-2026-47713

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-28T22:30:28Z

Weaknesses