CVE-2024-8196

Source
https://cve.org/CVERecord?id=CVE-2024-8196
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8196.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-8196
Published
2025-03-20T10:11:34.868Z
Modified
2026-07-15T01:49:13.084636833Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
Missing Authentication for Critical Function in mintplex-labs/anything-llm
Details

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/8xxx/CVE-2024-8196.json",
    "cwe_ids": [
        "CWE-306"
    ],
    "unresolved_ranges": [
        {
            "extracted_events": [
                {
                    "fixed": "1.6.5"
                }
            ],
            "source": "AFFECTED_FIELD"
        }
    ],
    "cna_assigner": "@huntr_ai"
}
References

Affected packages

Git / github.com/mintplex-labs/anything-llm

Affected ranges

Type
GIT
Repo
https://github.com/mintplex-labs/anything-llm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "source": "REFERENCES"
}

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-8196.json"