CVE-2026-32628 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injecti…
High CVSS: 7.7

CVE-2026-32628

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL) constructs SQL queries using direct string concatenation of the table_name parameter without sanitization or parameterization.
Vendor
Mintplexlabs
Product
Anythingllm
CWE
CWE-89
Yayın Tarihi
2026-03-16 14:19:40
Güncelleme
2026-03-16 20:33:27
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-89 Anythingllm HIGH Mintplexlabs 2026

Referanslar

https://github.com/Mintplex-Labs/anything-llm/commit/334ce052f063b53a4275518cbed3bab357695d7e https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-jwjx-mw2p-5wc7