cvedb.io
CVE-2024-8196
CRITICAL · CVSS 9.8
EPSS exploitation probability: 0%
Published 2025-03-20T10:15:41.490 · Last modified 2026-06-17T08:22:05.863

Summary

In mintplex-labs/anything-llm v1.5.11 desktop version for Windows, the application opens server port 3001 on 0.0.0.0 with no authentication by default. This vulnerability allows an attacker to gain full backend access, enabling them to perform actions such as deleting all data from the workspace.

Affected products

mintplexlabs — anythingllm_desktop

Does this affect you?

Add your gear to cvedb and we'll alert you only when mintplexlabs ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.