CVE-2026-24477

AnythingLLM has key leak in `systemSettings.js`

CVSS 8.7 HIGHEPSS 1.6%CWE-201

In short

AnythingLLM versions before 1.10.0 accidentally exposed database credentials in plain text through a public endpoint, allowing anyone without permission to access and manipulate the entire knowledge base stored in Qdrant. This threatens both the integrity of AI responses and the confidentiality of documents uploaded to the system.

Technical detail

CWE-201 (Exposure of Sensitive Information to an Unauthorized Actor) via `/api/setup-complete` endpoint leaks QdrantApiKey in plain text to unauthenticated users. Pre-condition: AnythingLLM < 1.10.0 configured with Qdrant backend and API key. Impact: Unauthenticated attacker gains full read/write access to vector database, compromising RAG functionality and potentially exposing confidential training documents.

Summary generated and translated by AI from the official description.

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue.

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Affected products

Mintplex-Labs · anything-llm

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-gm94-qc2p-xcwf