CVE-2026-24477
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2026-01-27

Last updated on: 2026-01-28

Assigner: GitHub, Inc.

Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-27
Last Modified
2026-01-28
Generated
2026-06-16
AI Q&A
2026-01-27
EPSS Evaluated
2026-06-14
NVD
CVE-2026-24477
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mintplexlabs anythingllm to 1.10.0 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-201 The code transmits data to another actor, but a portion of the data includes sensitive information that should not be accessible to that actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-24477 is a high-severity vulnerability in AnythingLLM versions prior to 1.10.0 where the QdrantApiKey used for accessing the Qdrant vector database is exposed in plaintext via an unauthenticated endpoint `/api/setup-complete`. This happens because the system settings serialization function fails to mask the API key properly. As a result, an attacker can retrieve this key without any authentication or user interaction, gaining full read/write access to the Qdrant database instance used by AnythingLLM. [1]

Impact Analysis

An attacker exploiting this vulnerability can read all embedded vectors and metadata stored in the Qdrant database, potentially extracting sensitive document content. They can also delete or overwrite collections, causing data loss or corruption, enumerate documents and workspaces exposing private user data, and in multi-tenant environments, cause cross-workspace data leakage or denial of service. This leads to a complete compromise of the semantic search and retrieval functionality and indirect leakage of confidential uploaded documents. [1]

Detection Guidance

This vulnerability can be detected by sending an unauthenticated HTTP GET request to the `/api/setup-complete` endpoint of the AnythingLLM instance configured with Qdrant. If the QdrantApiKey is exposed in the JSON response in plaintext, the system is vulnerable. For example, you can use the following command to check: `curl -s http://<anythingllm-host>/api/setup-complete | grep QdrantApiKey`. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade AnythingLLM to version 1.10.0 or later, where the vulnerability is patched by properly masking the QdrantApiKey in the `/api/setup-complete` endpoint response. Until the upgrade, restrict access to the `/api/setup-complete` endpoint to trusted users or internal networks to prevent unauthenticated access. [1]

Compliance Impact

The vulnerability exposes the QdrantApiKey in plaintext to unauthenticated users, allowing full read/write access to the vector database that may contain confidential uploaded documents. This exposure can lead to indirect leakage of sensitive and private data, which could result in non-compliance with data protection regulations such as GDPR and HIPAA that require safeguarding personal and confidential information against unauthorized access. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-24477. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart