CNNVD-202601-785 Information

CNNVD ID

CNNVD-202601-785

Related CVE

CVE-2026-21484

• CNNVD Published: 2026-01-03

Description (Chinese)

AnythingLLM是Mintplex开源的一个一体化AI应用程序。 AnythingLLM存在安全漏洞，该漏洞源于密码恢复端点返回不同错误信息，可能导致用户名枚举。

Description (English)

Anything LLM is an integrated AI application from Mintplex open source. AnythingLM has a security loophole, which results from the password restoration endpoint returning different error messages, which may lead to the user count.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

Mintplex

Published

2026-01-03

Last Modified

2026-02-24

References

https://github.com/Mintplex-Labs/anything-llm/commit/e287fab56089cf8fcea9ba579a3ecdeca0daa313 https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-47vr-w3vm-69ch https://access.redhat.com/security/cve/cve-2026-21484

Patch

https://anythingllm.com/desktop