Vulnerabilities ›

CVE-2026-24477

High ⚡ Exploit Available

CWE-201 — Weakness Type

                    Published: Jan 27, 2026                      ·  Modified: Feb 28, 2026                      ·  Source: NVD                

CVSS v3

7.5

🔗 NVD Official

📄 Description (English)

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue.

🤖 AI Executive Summary

AnythingLLM versions prior to 1.10.0 expose Qdrant API keys in plain text via an unauthenticated endpoint, allowing attackers to gain full read/write access to vector databases containing sensitive organizational knowledge and documents. This vulnerability is particularly critical for Saudi organizations using AnythingLLM for document processing and AI-powered search, as it enables complete compromise of confidential data stored in vector databases. With exploits already available and affecting multiple sectors, immediate patching is essential.

📄 Description (Arabic)

🤖 AI Intelligence Analysis Analyzed: May 4, 2026 14:17

🇸🇦 Saudi Arabia Impact Assessment

This vulnerability poses significant risk to Saudi financial institutions (SAMA-regulated banks) using AnythingLLM for document analysis and compliance research, government agencies (NCA oversight) processing classified information through AI systems, healthcare organizations (MOH) storing patient data and medical documents, energy sector (ARAMCO, SEC) managing technical documentation, and telecommunications providers (STC, Mobily) using AI for customer service. The exposure of vector database contents could lead to unauthorized access to proprietary research, financial models, customer data, and strategic documents. Organizations in regulated sectors face compliance violations under NCA ECC 2024 and SAMA CSF requirements.

🏢 Affected Saudi Sectors

Banking and Financial Services Government and Public Administration Healthcare Energy and Utilities Telecommunications Insurance Legal Services Education

🎯 MITRE ATT&CK Techniques

T1526 - Exposure of Sensitive Information T1589 - Gather Victim Identity Information T1590 - Gather Victim Network Information T1592 - Gather Victim Host Information T1110 - Brute Force T1555 - Credentials from Password Stores T1187 - Forced Authentication T1040 - Network Sniffing T1213 - Data from Information Repositories T1530 - Data from Cloud Storage

⚖️ Saudi Risk Score (AI)

8.2

/ 10.0

🔧 Remediation Steps (English)

IMMEDIATE ACTIONS:

1. Upgrade AnythingLLM to version 1.10.0 or later immediately

2. Rotate all Qdrant API keys used with AnythingLLM instances

3. Audit Qdrant access logs for unauthorized access since deployment

4. Review vector database contents for unauthorized modifications or data exfiltration



PATCHING GUIDANCE:

1. Test version 1.10.0 in non-production environment first

2. Schedule maintenance window for production upgrades

3. Backup Qdrant database before patching

4. Verify API key is no longer exposed after upgrade via curl -s http://localhost:3001/api/setup-complete | grep -i qdrant



COMPENSATING CONTROLS (if immediate patching not possible):

1. Implement network-level access controls restricting /api/setup-complete endpoint to authenticated users only

2. Deploy WAF rules blocking unauthenticated access to setup endpoints

3. Rotate Qdrant API keys immediately and implement key rotation policy

4. Monitor Qdrant access logs for suspicious activity

5. Isolate AnythingLLM instances on separate network segments



DETECTION RULES:

1. Monitor for GET/POST requests to /api/setup-complete from unauthenticated sources

2. Alert on Qdrant API key exposure in HTTP responses

3. Track unusual Qdrant database access patterns or bulk data retrieval

4. Monitor for API key usage from unexpected IP addresses or geographic locations

🔧 خطوات المعالجة (العربية)

الإجراءات الفورية:

1. ترقية AnythingLLM إلى الإصدار 1.10.0 أو أحدث فوراً

2. تدوير جميع مفاتيح واجهة برمجة تطبيقات Qdrant المستخدمة مع حالات AnythingLLM

3. تدقيق سجلات وصول Qdrant للكشف عن الوصول غير المصرح به منذ النشر

4. مراجعة محتويات قاعدة البيانات المتجهة للتعديلات غير المصرح بها أو تسرب البيانات

إرشادات التصحيح:

1. اختبار الإصدار 1.10.0 في بيئة غير الإنتاج أولاً

2. جدولة نافذة صيانة لترقيات الإنتاج

3. نسخ احتياطي من قاعدة بيانات Qdrant قبل التصحيح

4. التحقق من عدم تعريض مفتاح API بعد الترقية عبر curl -s http://localhost:3001/api/setup-complete | grep -i qdrant

الضوابط البديلة (إذا لم يكن التصحيح الفوري ممكناً):

1. تنفيذ ضوابط الوصول على مستوى الشبكة لتقييد نقطة النهاية /api/setup-complete للمستخدمين المصرح لهم فقط

2. نشر قواعد جدار الحماية لحجب الوصول غير المصرح به إلى نقاط نهاية الإعداد

3. تدوير مفاتيح واجهة برمجة تطبيقات Qdrant فوراً وتنفيذ سياسة تدوير المفاتيح

4. مراقبة سجلات وصول Qdrant للنشاط المريب

5. عزل حالات AnythingLLM على أجزاء شبكة منفصلة

قواعد الكشف:

1. مراقبة طلبات GET/POST إلى /api/setup-complete من مصادر غير مصرح بها

2. تنبيه عند تعريض مفتاح واجهة برمجة تطبيقات Qdrant في استجابات HTTP

3. تتبع أنماط وصول قاعدة بيانات Qdrant غير العادية أو استرجاع البيانات بكميات كبيرة

4. مراقبة استخدام مفتاح API من عناوين IP أو مواقع جغرافية غير متوقعة

📋 Regulatory Compliance Mapping

🟢 NCA ECC 2024

A.5.1.1 - Information security policies and procedures A.6.1.2 - Access control and authentication A.8.2.1 - Classification of information A.8.2.3 - Handling of assets A.12.2.1 - Monitoring and logging A.12.4.1 - Event logging A.13.1.1 - Network security perimeter A.14.2.1 - Secure development policy

🔵 SAMA CSF

Governance - Information Security Governance Identify - Asset Management Identify - Access Control Protect - Data Protection and Privacy Protect - Cryptography Detect - Security Monitoring and Alerting Respond - Incident Response and Management

🟡 ISO 27001:2022

5.3 - Segregation of duties 6.2 - Information security policies 8.1 - Operational planning and control 8.2 - Supply chain relationships 8.3 - Information and communication A.5.1.1 - Policies for information security A.6.1.2 - Access control A.8.2.1 - Classification of information A.8.3.1 - Handling of assets A.12.2.1 - Monitoring A.12.4.1 - Event logging A.13.1.1 - Network security A.14.2.1 - Secure development

🟣 PCI DSS v4.0.1

Requirement 2.1 - Default security parameters Requirement 6.2 - Security patches Requirement 7.1 - Access control Requirement 10.2 - Logging and monitoring Requirement 10.3 - Log protection

🔗 References & Sources 1

🔗

https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-gm94-qc2p-xcwf

security-advisories@github.com

Exploit Vendor Advisory

📦 Affected Products / CPE 1 entries

mintplexlabs:anythingllm

📊 CVSS Score

7.5

/ 10.0 — High

📊 CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack VectorN — None / Network

Attack ComplexityL — Low / Local

Privileges RequiredN — None / Network

User InteractionN — None / Network

ScopeU — Unchanged

ConfidentialityH — High

IntegrityN — None / Network

AvailabilityN — None / Network

📋 Quick Facts

Severity High

CVSS Score7.5

CWECWE-201

EPSS0.03%

Exploit ✓ Yes

Patch ✓ Yes

Published 2026-01-27

Source Feed nvd

🇸🇦 Saudi Risk Score

8.2

/ 10.0 — Saudi Risk

Priority: CRITICAL

🏷️ Tags

exploit-available CWE-201

🏢 Vendor Advisories

🔗 https://github.com/Mintplex-Labs/anything-llm/securi...

⚡ Actions

🔗 NVD Official Page ⚡ Exploit-DB Search 🐙 GitHub PoC Search 🎯 MITRE ATT&CK 📊 CVE Details

💬 Comments

Loading comments

CVE-2026-24477

💬 Comments

Introduce Yourself

Sign In Required