Vulnerability in Mintplex-labs Anything-llm

CVE-2026-24477

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this Qdr…

EPSS: 0.104 (93.3th percentile) — read the EPSS interpretation.

Affected products

Mintplex-labs Anything-llm — versions < 1.10.0

Weakness classification (CWE)

CWE-201 — Insertion of Sensitive Information into Sent Data

References

https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-gm94-qc2p-xcwf (x_refsource_CONFIRM)