CNNVD-202601-4430 Information
Jan 27, 2026
cve
CNNVD ID
CNNVD-202601-4430
Related CVE
- CNNVD Published: 2026-01-27
Description (Chinese)
AnythingLLM是Mintplex开源的一个一体化AI应用程序。 AnythingLLM 1.10.0之前版本存在安全漏洞,该漏洞源于/api/setup-complete端点以明文暴露QdrantApiKey,可能导致攻击者获得对向量数据库的读写访问权限。
Description (English)
Anything LLM is an integrated AI application from Mintplex open source. There was a security loophole in the pre-AythingLM 1.10.0 version, which originated from/api/setup-complete endpoint to explicitly expose QdrantApiKey, which could lead to the attackers being granted reading and writing access to vector databases.
Hazard Level
Medium
Vulnerability Type
其他
Affected Vendor
Mintplex
Published
2026-01-27
Last Modified
2026-02-24
References
https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-gm94-qc2p-xcwf
Patch
https://github.com/Mintplex-Labs/anything-llm/releases
Share on: