{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-32715", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-13T14:33:42.824Z", "datePublished": "2026-03-13T21:22:00.783Z", "dateUpdated": "2026-03-16T16:46:00.551Z"}, "containers": {"cna": {"title": "AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p"}, {"name": "https://github.com/Mintplex-Labs/anything-llm/commit/732eac6fa89f43288bbb65ecc6298ebcd96b7aeb", "tags": ["x_refsource_MISC"], "url": "https://github.com/Mintplex-Labs/anything-llm/commit/732eac6fa89f43288bbb65ecc6298ebcd96b7aeb"}], "affected": [{"vendor": "Mintplex-Labs", "product": "anything-llm", "versions": [{"version": "<= 1.11.1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T21:22:00.783Z"}, "descriptions": [{"lang": "en", "value": "AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key."}], "source": {"advisory": "GHSA-wfq3-65gm-3g2p", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-16T16:45:56.666831Z", "id": "CVE-2026-32715", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T16:46:00.551Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-32715", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-16T16:45:56.666831Z"}}}], "references": [{"url": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-16T16:45:51.881Z"}}], "cna": {"title": "AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences", "source": {"advisory": "GHSA-wfq3-65gm-3g2p", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.8, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}}], "affected": [{"vendor": "Mintplex-Labs", "product": "anything-llm", "versions": [{"status": "affected", "version": "<= 1.11.1"}]}], "references": [{"url": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p", "name": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/Mintplex-Labs/anything-llm/commit/732eac6fa89f43288bbb65ecc6298ebcd96b7aeb", "name": "https://github.com/Mintplex-Labs/anything-llm/commit/732eac6fa89f43288bbb65ecc6298ebcd96b7aeb", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-13T21:22:00.783Z"}}}, "cveMetadata": {"cveId": "CVE-2026-32715", "state": "PUBLISHED", "dateUpdated": "2026-03-16T16:46:00.551Z", "dateReserved": "2026-03-13T14:33:42.824Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-13T21:22:00.783Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "matchCriteriaId": "384FD8C3-E046-493C-9996-8E3042229081", "versionEndIncluding": "1.11.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key."}], "id": "CVE-2026-32715", "lastModified": "2026-03-16T20:00:30.100", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.8, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 2.5, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-16T14:19:42.493", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/Mintplex-Labs/anything-llm/commit/732eac6fa89f43288bbb65ecc6298ebcd96b7aeb"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.11.1]"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "anything-llm", "source": "cna", "vendor": "Mintplex-Labs"}, "product": "anything-llm", "vendor": "mintplexlabs"}], "analysis": {"en": {"generated_at": "2026-03-16T23:03:19.995884+00:00", "value": {"mitigation_remediation": ["Upgrade AnythingLLM to the latest release that no longer exposes the privileged system-preferences endpoints to manager roles.", "Review and tighten role\u2011based permissions so manager users cannot call admin\u2011only endpoints.", "Implement network segmentation to isolate manager accounts from accessing sensitive API endpoints.", "Regularly review vendor advisories and apply any new patches or configuration updates."], "summary": {"action": "Patch", "impact": "Privilege Escalation"}, "threat_synthesis": {"affected_systems": "Products: Mintplex-Labs AnythingLLM; Versions: 1.11.1 and earlier. The affected CPE string is cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*.", "description_and_impact": "The vulnerability in AnythingLLM allows a manager user to bypass intended role restrictions and access or modify settings that should be restricted to administrators. By calling generic system-preferences endpoints that incorrectly allow manager role access, the attacker can read plaintext SQL database credentials and overwrite vital global configurations such as the default system prompt and the Community Hub API key. This results in a breach of confidentiality (credential disclosure) and integrity (alteration of system settings), as identified by CWE-863.", "risk_and_exploitability": "The CVSS score of 3.8 indicates low to moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation. The vulnerability is not currently listed in the CISA KEV catalog. Attackers would need to have an authenticated manager session and could exploit the flaw by sending HTTP requests to the generic system-preferences endpoints; the likely vector is internal or local network access."}}}}, "created": "2026-03-16T09:22:37.922663+00:00", "updated": "2026-03-23T13:39:17.520248+00:00", "vendors": ["mintplexlabs", "mintplexlabs$PRODUCT$anything-llm"]}