Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow still deletes the target file by primary key only, with no ownership check, inside two finally{} blocks that run even when the ownership-checked read fails. As a result a manager or admin (multi-user mode) can delete any other user's parsed file in any workspace — including workspaces they are not a member of — by enumerating integer fileIds. The server even returns "File not found" while still deleting the file. This vulnerability is fixed in 1.14.1.
Published: 2026-06-24
Score: 0 Low
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

An authenticated user holding the manager or admin role in multi-user mode can delete any parsed file by supplying its integer id to POST /api/workspace/:slug/embed-parsed-file/:fileId. The read of the file is scoped to the caller's user and workspace, but the delete performed in the cleanup (finally) blocks looks the record up by primary key only and runs even when that scoped read fails, so the file is removed while the response still reports "File not found". The result is cross-tenant destruction of other users' parsed content in workspaces the caller does not belong to: an integrity and availability loss, with no data disclosed.
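The control flow behind the bug, as an added example rather than AnythingLLM's own code: an in-memory model of a user/workspace-scoped read whose cleanup deletes by primary key inside a finally block, next to a fixed variant, plus a sweep that reproduces the id enumeration from the description. All names (makeStore, ParsedFiles, embedParsedFileVulnerable, embedParsedFileFixed, sweepIds), the record shape and the sample rows are assumptions constructed for the example; the description's "two finally{} blocks" are collapsed into one here.

```javascript
"use strict";
// Added example, not AnythingLLM's own code. It models the bug class in
// CVE-2026-55611 (CWE-639) against an in-memory store: a cleanup step in a
// finally{} block deletes a parsed file by primary key, so it runs even after
// the user/workspace-scoped read has failed and the handler returned 404.
// All names below are hypothetical.

// Constructed sample data: two parsed files owned by different users in
// different workspaces. A caller with userId 10 / workspaceId 100 may only
// see file 1.
function makeStore() {
  return new Map([
    [1, { id: 1, userId: 10, workspaceId: 100, name: "alice-notes.txt" }],
    [2, { id: 2, userId: 20, workspaceId: 200, name: "bob-report.pdf" }],
  ]);
}

// Hypothetical data-access layer: the read is scoped to the caller's user and
// workspace; the delete exists in an unscoped (primary key only) and a scoped form.
const ParsedFiles = {
  getScoped(store, id, caller) {
    const f = store.get(id);
    if (!f || f.userId !== caller.userId || f.workspaceId !== caller.workspaceId) return null;
    return f;
  },
  deleteById(store, id) {
    return store.delete(id);
  },
  deleteScoped(store, id, caller) {
    return ParsedFiles.getScoped(store, id, caller) ? store.delete(id) : false;
  },
};

// Vulnerable flow (pattern from the CVE description): the scoped read gates the
// response, but the cleanup in finally{} deletes by id alone and runs on every
// exit path, including the early "File not found" return.
function embedParsedFileVulnerable(store, fileId, caller) {
  try {
    const file = ParsedFiles.getScoped(store, fileId, caller);
    if (!file) return { status: 404, body: { error: "File not found" } };
    // (embedding of the file contents would happen here)
    return { status: 200, body: { embedded: file.name } };
  } finally {
    ParsedFiles.deleteById(store, fileId); // BUG: no ownership check, runs after the 404 too
  }
}

// Fixed flow: return before any cleanup is armed, and make the cleanup itself
// scoped so a guessed id can never reach another tenant's row.
function embedParsedFileFixed(store, fileId, caller) {
  const file = ParsedFiles.getScoped(store, fileId, caller);
  if (!file) return { status: 404, body: { error: "File not found" } }; // nothing deleted
  try {
    return { status: 200, body: { embedded: file.name } };
  } finally {
    ParsedFiles.deleteScoped(store, fileId, caller); // only the record the caller could read
  }
}

// Attacker behaviour from the advisory: sweep integer fileIds as a privileged
// caller and count how many rows vanished, independent of the responses.
function sweepIds(handler, store, caller, maxId) {
  const before = store.size;
  const statuses = [];
  for (let id = 1; id <= maxId; id++) statuses.push(handler(store, id, caller).status);
  return { deleted: before - store.size, statuses };
}

const attacker = { userId: 10, workspaceId: 100 };
console.log("vulnerable:", sweepIds(embedParsedFileVulnerable, makeStore(), attacker, 5));
console.log("fixed:     ", sweepIds(embedParsedFileFixed, makeStore(), attacker, 5));
```

Running the file prints both sweeps: the vulnerable handler answers 404 for fileId 2 yet removes it, so the store loses two rows for a caller entitled to one; the fixed handler leaves the other tenant's row in place. A regression test for this bug class should assert on row counts before and after, not on response codes, because the response here lies.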

Affected Systems

The vulnerability affects Mintplex‑Labs AnythingLLM from 1.11.1 up to, but not including, 1.14.1. Any deployment of those releases that runs in multi-user mode and exposes the /api/workspace/:slug/embed-parsed-file/:fileId endpoint is susceptible. The fix ships in 1.14.1; earlier releases remain at risk.

Risk and Exploitability

Exploitation requires a manager or admin account (the CVSS vector carries PR:H, and the SSVC assessment rates exploitation "poc" and automatable "no"), so the risk concentrates in multi‑tenant installations where several people hold those roles. No EPSS score is reported. Once such an account is in hand, exploitation is trivial: sweep integer fileIds against the endpoint and every parsed file in the instance, in any workspace, is deleted, while the uniform "File not found" responses give the operator no signal that anything was removed. The CVE is not listed in CISA KEV, but the breadth of the destruction warrants prompt patching.

Generated by OpenCVE AI on June 24, 2026 at 20:38 UTC.

Remediation

The vendor fix is in AnythingLLM 1.14.1 (see the description above); no separate workaround is published.

OpenCVE Recommended Actions

  • Upgrade Mintplex‑Labs AnythingLLM to version 1.14.1 or later, which enforces workspace and user scoping on deletions.
  • Reduce the number of users with manager or admin privileges to the minimum required for operations.
  • Regularly audit application event logs for unexpected removal of parsed files, and treat runs of "File not found" responses on the embed-parsed-file endpoint with sequential fileIds as a possible enumeration sweep.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 07:15:00 +0000

Type                  Values Removed   Values Added
First Time appeared                    Mintplexlabs
                                       Mintplexlabs anything-llm
Vendors & Products                     Mintplexlabs
                                       Mintplexlabs anything-llm

Wed, 24 Jun 2026 19:30:00 +0000

Type      Values Removed   Values Added
Metrics                    ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 18:00:00 +0000

Type          Values Removed   Values Added
Description                    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow still deletes the target file by primary key only, with no ownership check, inside two finally{} blocks that run even when the ownership-checked read fails. As a result a manager or admin (multi-user mode) can delete any other user's parsed file in any workspace — including workspaces they are not a member of — by enumerating integer fileIds. The server even returns "File not found" while still deleting the file. This vulnerability is fixed in 1.14.1.
Title                          AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion)
Weaknesses                     CWE-639
References
Metrics                        cvssV3_1: {'score': 0, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-24T18:32:39.765Z

Reserved: 2026-06-16T23:31:22.445Z

Link: CVE-2026-55611

Vulnrichment

Updated: 2026-06-24T18:30:45.782Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T07:00:11Z

Weaknesses
  • CWE-639: Authorization Bypass Through User-Controlled Key