{"data":{"id":"a53143c0-7670-4add-9660-224b828b86c8","title":"CVE-2026-24477: AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti","summary":"AnythingLLM is an application that lets users feed documents into an LLM so it can reference them during conversations. Versions before 1.10.0 had a security flaw where an API key (QdrantApiKey) for Qdrant, the database that stores document information, could be exposed to anyone without authentication (credentials). If exposed, attackers could read or modify all the documents and knowledge stored in the database, breaking the system's ability to search and retrieve information correctly.","solution":"Update AnythingLLM to version 1.10.0 or later. According to the source: 'Version 1.10.0 patches the issue.'","labels":["security","privacy"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-24477","publishedAt":"2026-01-27T05:15:51.150Z","cveId":"CVE-2026-24477","cweIds":["CWE-201"],"cvssScore":"7.5","cvssSeverity":"high","severity":"high","attackType":["data_extraction","pii_leakage"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["AnythingLLM","Qdrant"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00036,"patchAvailable":null,"disclosureDate":null,"capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity"],"aiComponentTargeted":"rag","llmSpecific":false,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}