CVE-2026-32617: CWE-942: Permissive Cross-domain Policy with Untrusted Domains in Mintplex-Labs anything-llm
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, on default installations where no password or API key has been configured, all HTTP endpoints and the agent WebSocket lack authentication, and the server's CORS policy accepts any origin. AnythingLLM Desktop binds to 127.0.0.1 (loopback) by default. Modern browsers (Chrome, Edge, Firefox) implement Private Network Access (PNA), which explicitly blocks public websites from making requests to local IP addresses. Exploitation is only viable from within the same local network (LAN) due to browser-level blocking of public-to-private requests.
AI Analysis
Technical Summary
CVE-2026-32617 affects Mintplex-Labs' AnythingLLM application, which transforms content into context usable by large language models (LLMs). Versions 1.11.1 and earlier have a critical security flaw where, by default, no authentication is required on HTTP endpoints or the agent WebSocket if no password or API key is configured. Furthermore, the server's Cross-Origin Resource Sharing (CORS) policy is overly permissive, accepting requests from any origin, which violates the principle of least privilege and enables cross-domain attacks. The desktop version binds to the loopback interface (127.0.0.1), which restricts direct external access. In addition, modern browsers implement Private Network Access (PNA), which blocks public websites from making requests to private IP addresses, such as localhost or LAN IPs. This browser-level protection limits exploitation to attackers on the same local network. The vulnerability is classified under CWE-942 (Permissive Cross-domain Policy with Untrusted Domains) and CWE-1188 (Improper Access Control). The CVSS v3.1 score is 7.1 (high), reflecting the high impact on confidentiality and integrity, moderate attack complexity, no privileges required, and user interaction needed. Although no exploits are currently known in the wild, the risk remains significant for local network attackers who can leverage this flaw to access sensitive data or manipulate the AnythingLLM service without authorization.
Potential Impact
This vulnerability poses a significant risk to organizations deploying AnythingLLM in environments where local network access is shared or not tightly controlled. Unauthorized users on the same LAN can exploit the lack of authentication and permissive CORS policy to access sensitive information processed by AnythingLLM or inject malicious commands via the WebSocket interface. This can lead to data leakage, unauthorized data manipulation, and potential disruption of LLM-based workflows. The confidentiality and integrity of data are primarily at risk, while availability impact is low. Since exploitation requires local network access, organizations with open or poorly segmented internal networks are most vulnerable. The risk is heightened in environments where AnythingLLM is used to process sensitive or proprietary content. Attackers could also use this vulnerability as a foothold for further lateral movement within the network.
Mitigation Recommendations
To mitigate this vulnerability, organizations should immediately configure AnythingLLM to require strong authentication, such as setting a robust password or API key, to restrict access to HTTP endpoints and WebSocket agents. Administrators should tighten the CORS policy to explicitly allow only trusted origins rather than accepting any origin. Network segmentation should be enforced to limit access to AnythingLLM services strictly to authorized users and devices within the local network. Employ firewall rules or host-based access controls to restrict inbound connections to the loopback interface or trusted IP ranges. Monitoring and logging of access to AnythingLLM endpoints should be enabled to detect suspicious activity. Users should upgrade to patched versions once available and avoid running AnythingLLM on shared or untrusted networks. Additionally, educating users about the risks of local network attacks and encouraging secure deployment practices will further reduce exposure.
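The two server-side mitigations above (an explicit origin allowlist and a required API key), sketched as an added example that is not AnythingLLM's code, next to a model of the permissive default. `TRUSTED_ORIGINS`, `API_KEY`, `permissiveCors` and `decide` are hypothetical names, and the origins and key are constructed values.

```javascript
// Added example; TRUSTED_ORIGINS, API_KEY and decide() are hypothetical names, not AnythingLLM code.
const TRUSTED_ORIGINS = new Set(["http://localhost:3001", "http://127.0.0.1:3001"]); // constructed
const API_KEY = "constructed-example-key"; // placeholder; load from a secret store in practice

// Weak policy as the advisory describes it: any origin is accepted, nothing is authenticated.
function permissiveCors(origin) {
  return { "Access-Control-Allow-Origin": origin || "*" };
}

// Constant-time comparison so the key check does not leak a partial match through timing.
function safeEqual(a, b) {
  let diff = a.length ^ b.length;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i % (b.length || 1));
  return diff === 0;
}

// Hardened decision for one request; returns { status, headers }.
// req = { method, headers } with lower-cased header names, as Node's http module provides them.
function decide(req) {
  const origin = req.headers["origin"];
  const headers = { Vary: "Origin" };
  // A present Origin must be on the allowlist; the literal "null" origin never is.
  if (origin !== undefined && !TRUSTED_ORIGINS.has(origin)) {
    return { status: 403, headers };
  }
  if (origin !== undefined) headers["Access-Control-Allow-Origin"] = origin;

  if (req.method === "OPTIONS") {
    // Preflight: answer the Private Network Access request header only for trusted origins.
    headers["Access-Control-Allow-Methods"] = "GET, POST";
    headers["Access-Control-Allow-Headers"] = "Authorization, Content-Type";
    if (req.headers["access-control-request-private-network"] === "true") {
      headers["Access-Control-Allow-Private-Network"] = "true";
    }
    return { status: 204, headers };
  }
  // Non-browser clients send no Origin, so CORS is not access control: always require the key.
  const auth = req.headers["authorization"] || "";
  const token = auth.startsWith("Bearer ") ? auth.slice(7) : "";
  if (!safeEqual(token, API_KEY)) return { status: 401, headers };
  return { status: 200, headers };
}
```

The same origin allowlist belongs on the WebSocket upgrade request, because browsers do not apply CORS to WebSocket handshakes.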
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Netherlands, Japan, South Korea, India
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-12T15:29:36.557Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 69b473bd2f860ef943aa93f5
Added to database: 3/13/2026, 8:29:49 PM
Last enriched: 3/13/2026, 8:45:08 PM
Last updated: 3/15/2026, 7:24:17 PM