Executive Summary

[{'type': 'paragraph', 'content': "CVE-2026-32628 is a high-severity SQL injection vulnerability in the AnythingLLM application's built-in SQL Agent plugin (versions 1.11.1 and earlier). The vulnerability arises because the method getTableSchemaSql() in the MySQL, PostgreSQL, and MSSQL database connectors constructs SQL queries by directly concatenating the table_name parameter without any sanitization or parameterization."}, {'type': 'paragraph', 'content': "Since the table_name parameter is derived from user prompts via the LLM's function call arguments and is untrusted, an attacker with authenticated access and workspace permissions can inject arbitrary SQL commands. This allows execution of malicious SQL queries on connected databases."}, {'type': 'paragraph', 'content': 'The vulnerability enables attackers to perform UNION-based SQL injection to read sensitive data, execute stacked queries to modify or destroy database schema, and even run OS commands on PostgreSQL and MSSQL databases using features like COPY TO PROGRAM and xp_cmdshell.'}] [1]

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can have severe impacts including unauthorized data access, data modification, and system compromise.

• Attackers can exfiltrate sensitive personally identifiable information (PII) such as names, Social Security numbers, and credit card numbers.
• Attackers can execute arbitrary SQL commands to create, modify, or drop database tables, potentially destroying data integrity.
• On PostgreSQL and MSSQL, attackers can escalate to executing operating system commands, leading to full system compromise.
• In default single-user configurations without authentication tokens, any network-adjacent attacker can exploit this without credentials.
• In multi-user environments, any authenticated user with chat access can trigger the injection, increasing the attack surface.

Useful 0 Not Useful 0

Compliance Impact

I don't know

Useful 0 Not Useful 0

Detection Guidance

[{'type': 'paragraph', 'content': 'Detection of this SQL injection vulnerability involves monitoring for suspicious SQL queries that include unsanitized or concatenated table_name parameters in the SQL Agent plugin of AnythingLLM (versions ≤ 1.11.1). Since the vulnerability arises from direct string concatenation of user-supplied table names, unusual or malformed SQL queries targeting INFORMATION_SCHEMA or SHOW COLUMNS commands may indicate exploitation attempts.'}, {'type': 'paragraph', 'content': 'Specifically, you can look for queries similar to the following patterns in your database logs or query monitoring tools:'}, {'type': 'list_item', 'content': 'MySQL: SHOW COLUMNS FROM <database>.<table_name>;'}, {'type': 'list_item', 'content': "PostgreSQL: SELECT column_name, data_type, character_maximum_length, column_default, is_nullable FROM INFORMATION_SCHEMA.COLUMNS WHERE table_name = '<table_name>' AND table_schema = '<schema>'"}, {'type': 'list_item', 'content': "MSSQL: SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = '<table_name>'"}, {'type': 'paragraph', 'content': 'To detect exploitation attempts, you can search for SQL queries containing suspicious characters or SQL keywords injected into the table_name parameter, such as UNION, SELECT, DROP, or stacked queries separated by semicolons.'}, {'type': 'paragraph', 'content': 'Example commands to search logs or monitor queries might include:'}, {'type': 'list_item', 'content': 'grep -iE "SHOW COLUMNS FROM .*;" /path/to/mysql/query.log'}, {'type': 'list_item', 'content': 'grep -iE "INFORMATION_SCHEMA.COLUMNS.*table_name.*" /path/to/postgresql/query.log'}, {'type': 'list_item', 'content': 'grep -iE "INFORMATION_SCHEMA.COLUMNS.*TABLE_NAME.*" /path/to/mssql/query.log'}, {'type': 'paragraph', 'content': "Additionally, monitoring for unexpected or unauthorized execution of OS commands via PostgreSQL's COPY TO PROGRAM or MSSQL's xp_cmdshell stored procedure can indicate exploitation of this vulnerability."}] [1]

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps for CVE-2026-32628 involve preventing exploitation of the SQL injection vulnerability in the AnythingLLM SQL Agent plugin by ensuring that all SQL queries use parameterized queries or proper escaping instead of unsafe string concatenation.

• Update the AnythingLLM application to a version that includes the patch which replaces all unsafe string concatenations with parameterized queries across MySQL, PostgreSQL, and MSSQL connectors.
• If an immediate update is not possible, restrict access to the SQL Agent feature by disabling it or limiting workspace access to trusted users only.
• Ensure that database user roles connected to AnythingLLM are configured with the least privileges necessary, avoiding roles that allow destructive queries or OS command execution.
• Monitor and audit database queries for suspicious activity, especially those involving the table_name parameter or execution of stacked queries.

The patch involves changes such as using parameter placeholders ($1, ?, @p0) and passing parameters separately to the database client libraries, which effectively prevents injection attacks by treating user input as data rather than executable code.

Useful 0 Not Useful 0