The vulnerability identified as CVE-2026-32628 is an SQL injection flaw in the AnythingLLM application developed by Mintplex-Labs, specifically in versions 1.11.1 and earlier. AnythingLLM is designed to convert content into context usable by large language models (LLMs) during chat interactions. The issue resides in the getTableSchemaSql() method within the built-in SQL Agent plugin, which interfaces with databases via three connectors: MySQL, PostgreSQL, and MSSQL. This method constructs SQL queries by directly concatenating the user-controlled parameter table_name into the query string without applying any sanitization or using parameterized queries. This improper neutralization of special elements in SQL commands (CWE-89) enables an attacker with the ability to invoke the SQL Agent plugin to inject and execute arbitrary SQL commands on the backend databases. The CVSS 4.0 score of 7.7 reflects a high severity, considering the vulnerability is remotely exploitable over the network (AV:N), requires partial authentication (PR:L), and has high attack complexity (AC:H). The impact on confidentiality, integrity, and availability is high due to the potential for unauthorized data access, modification, or deletion. Although no known exploits are currently reported in the wild, the vulnerability poses a significant risk to organizations relying on AnythingLLM for LLM context management. The lack of patch links indicates that a fix may not yet be publicly available, emphasizing the need for immediate mitigation efforts.

The exploitation of this SQL injection vulnerability can lead to severe consequences for organizations using AnythingLLM. Attackers can execute arbitrary SQL commands, potentially leading to unauthorized data disclosure, data manipulation, or deletion, which compromises confidentiality, integrity, and availability of critical information. This can result in data breaches, loss of intellectual property, disruption of services, and damage to organizational reputation. Since the vulnerability affects multiple database systems (MySQL, PostgreSQL, MSSQL), the scope of impact is broad across different deployment environments. The requirement for partial authentication limits exploitation to users with some level of access, but given the nature of AnythingLLM's usage in processing content for LLMs, this could include internal users or automated agents, increasing the risk of insider threats or lateral movement. The high attack complexity may reduce the likelihood of widespread exploitation but does not eliminate the risk, especially from skilled attackers targeting organizations with valuable data. The absence of known exploits in the wild currently provides a window for proactive defense, but the vulnerability remains a critical risk until remediated.

To mitigate CVE-2026-32628, organizations should first verify if they are running AnythingLLM version 1.11.1 or earlier and restrict access to the SQL Agent plugin to trusted and authenticated users only. Immediate mitigation includes implementing input validation and sanitization for the table_name parameter to prevent injection of malicious SQL code. Where possible, disable or restrict the use of the SQL Agent plugin until a vendor patch is available. Employ database access controls and least privilege principles to limit the permissions of the database accounts used by AnythingLLM, reducing the potential impact of exploitation. Monitor logs for unusual SQL queries or activity indicative of injection attempts. Network segmentation and application-layer firewalls can help limit exposure. Organizations should stay alert for vendor updates or patches from Mintplex-Labs and apply them promptly once released. Additionally, consider employing Web Application Firewalls (WAFs) with custom rules to detect and block SQL injection patterns targeting the affected endpoints. Conduct security testing and code review of custom integrations involving AnythingLLM to identify and remediate similar injection risks.