CVE-2026-42456
Status: Received - Intake
Insecure Direct Object Reference in AnythingLLM TTS Endpoint

Publication date: 2026-05-08

Last updated on: 2026-05-08

Assigner: GitHub, Inc.

Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user's chat response within the same workspace because the route validates workspace membership but does not enforce ownership of the targeted chat row. As a result, an authenticated user can access another user's private assistant response in audio form if the chatId is known or guessed. This constitutes an insecure direct object reference (IDOR) affecting private chat response content exposed through the TTS endpoint. This issue has been patched in version 1.12.1.
Meta Information
Published: 2026-05-08
Last Modified: 2026-05-08
Generated: 2026-05-09
AI Q&A: 2026-05-09
EPSS Evaluated: N/A
Affected Vendors & Products
1 associated CPE
Vendor: anythingllm | Product: anythingllm | Version range: up to 1.12.1 (1.12.1 excluded, i.e. all versions before 1.12.1)
CWE
CWE ID | Description
CWE-200 | The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-639 | The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
AI Powered Q&A
Can you explain this vulnerability to me?

This vulnerability exists in AnythingLLM versions prior to 1.12.1. It occurs because the GET /api/workspace/:slug/tts/:chatId endpoint returns text-to-speech audio for chat responses without properly verifying that the requesting user owns the targeted chat. Although the route checks if the user is a member of the workspace, it does not enforce ownership of the specific chatId. As a result, an authenticated user can access another user's private assistant response audio if they know or guess the chatId. This is an example of an insecure direct object reference (IDOR) vulnerability.
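The authorization gap described in the Description and in this answer, as an added example written for this page in JavaScript; it is not AnythingLLM's own route code. The function names (ttsVulnerable, ttsFixed, isMember, synthesize), the in-memory workspace, membership and chat tables, and the fake audio payload are all constructed for the demo. The two handlers differ only in the chat lookup: the first checks workspace membership and then fetches the chat row by id alone, the second additionally requires the row to belong to the workspace in the URL and to the requesting user.

```javascript
// Constructed sample data: one workspace with two members, each owning a private chat row.
const workspaces = [{ id: 1, slug: "eng" }];
const memberships = [
  { workspaceId: 1, userId: 10 }, // alice
  { workspaceId: 1, userId: 11 }, // bob
];
const chats = [
  { id: 501, workspaceId: 1, userId: 10, response: "Alice's private answer" },
  { id: 502, workspaceId: 1, userId: 11, response: "Bob's private answer" },
];

// Stand-in for the text-to-speech provider: returns a fake audio payload for the text.
function synthesize(text) {
  return `AUDIO(${text})`;
}

// Hypothetical membership check: true when the user belongs to the workspace.
function isMember(workspaceId, userId) {
  return memberships.some((m) => m.workspaceId === workspaceId && m.userId === userId);
}

// Pre-1.12.1 behaviour as the advisory describes it: the route confirms that the caller
// is a member of the workspace named by :slug, then looks up the chat row by :chatId only.
// Any member who knows or guesses another member's chatId receives that member's audio.
function ttsVulnerable(user, slug, chatId) {
  const ws = workspaces.find((w) => w.slug === slug);
  if (!ws || !isMember(ws.id, user.id)) return { status: 403 };
  const chat = chats.find((c) => c.id === Number(chatId));
  if (!chat) return { status: 404 };
  return { status: 200, body: synthesize(chat.response) }; // IDOR: owner never checked
}

// Hardened shape: the chat row must belong to both the workspace in the URL and the
// requesting user. Answering 404 rather than 403 on a foreign id avoids confirming
// that the id exists, which would otherwise make enumeration easier.
function ttsFixed(user, slug, chatId) {
  const ws = workspaces.find((w) => w.slug === slug);
  if (!ws || !isMember(ws.id, user.id)) return { status: 403 };
  const chat = chats.find(
    (c) => c.id === Number(chatId) && c.workspaceId === ws.id && c.userId === user.id,
  );
  if (!chat) return { status: 404 };
  return { status: 200, body: synthesize(chat.response) };
}

// Demo: Bob (a workspace member) requests Alice's chat 501.
const bob = { id: 11 };
console.log(ttsVulnerable(bob, "eng", "501")); // { status: 200, body: "AUDIO(Alice's private answer)" }
console.log(ttsFixed(bob, "eng", "501"));      // { status: 404 }
```

The point to take from the fixed variant is that the ownership predicate lives in the same query as the id lookup, so there is no window in which a row is fetched and then handed to the caller before the check runs.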


How can this vulnerability impact me?

This vulnerability can lead to unauthorized disclosure of private chat responses in audio form. An attacker who is authenticated and a member of the same workspace can listen to another user's private assistant responses by exploiting the IDOR flaw. This compromises the confidentiality of sensitive or private information shared in chats.


What immediate steps should I take to mitigate this vulnerability?

Upgrade AnythingLLM to version 1.12.1 or later, where the ownership check on the chat row is enforced. Until the upgrade is deployed, the exposure is bounded by workspace membership: only authenticated members of the same workspace can reach the endpoint, so reviewing who holds membership in shared workspaces limits who could exploit it. If you keep access logs, requests to GET /api/workspace/<slug>/tts/<chatId> where the chatId does not belong to the requesting user are the signal to look for; note that the description states the id only needs to be known or guessed, so a single user issuing TTS requests across many chat ids is worth examining.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The vulnerability allows an authenticated user to access another user's private assistant response in audio form due to insecure direct object reference (IDOR). This exposure of private chat content could lead to unauthorized disclosure of personal or sensitive information.

Such unauthorized access to private data may impact compliance with data protection regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive information to protect user privacy and confidentiality.

