AnythingLLM Password Recovery Username Enumeration Vulnerability

Vulnerability

A vulnerability in the AnythingLLM application allows for username enumeration through the password recovery endpoint. Prior to the fix in commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the endpoint returned different error messages based on the existence of a username. This discrepancy enabled attackers to determine valid usernames by analyzing the error responses.

Impact

Exploitation of this vulnerability could lead to username enumeration, allowing attackers to identify valid usernames for targeted attacks.

Reproduction

To reproduce this vulnerability, send a POST request to the password recovery endpoint with a username that exists in the system. The response indicates that the recovery codes are invalid, and the error message ends with a period. For a username that does not exist, the response is otherwise the same but the message has no trailing period. This one-character difference in the error text is enough to infer whether the username exists.
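The discrepancy described above, and the uniform-response pattern that removes it, as an added illustration that is not AnythingLLM's own code: the user store, the handler shapes and the message strings are constructed to model the advisory, and the final function is the kind of regression check a maintainer would keep in a test suite.

```javascript
// Constructed in-memory user store (not AnythingLLM's real data model).
const users = new Map([["alice", { recoveryCodes: ["code-1"] }]]);

// Modelled pre-fix behaviour: the failure wording depends on whether the
// username exists (trailing period vs none), so the response leaks existence.
function recoverVulnerable({ username, recoveryCodes }) {
  const user = users.get(username);
  if (!user) {
    return { status: 400, body: { error: "Invalid recovery codes" } };
  }
  const valid = recoveryCodes.every((c) => user.recoveryCodes.includes(c));
  if (!valid) {
    return { status: 400, body: { error: "Invalid recovery codes." } };
  }
  return { status: 200, body: { success: true } };
}

// Hardened form: a single failure response defined in one place and returned
// for both the unknown-user and the wrong-code path, so they are identical.
const GENERIC_FAILURE = Object.freeze({
  status: 400,
  body: { error: "Invalid recovery codes." },
});

function recoverFixed({ username, recoveryCodes }) {
  const user = users.get(username);
  // Fall back to an empty code list for unknown users so both failure paths
  // take the same control flow and produce the same response object.
  const known = user ? user.recoveryCodes : [];
  const valid = user !== undefined && recoveryCodes.every((c) => known.includes(c));
  if (!valid) return GENERIC_FAILURE;
  return { status: 200, body: { success: true } };
}

// Regression check: failure responses for an existing and a non-existent
// username must serialise to exactly the same bytes.
function failuresIndistinguishable(handler) {
  const existing = handler({ username: "alice", recoveryCodes: ["wrong"] });
  const missing = handler({ username: "nobody", recoveryCodes: ["wrong"] });
  return JSON.stringify(existing) === JSON.stringify(missing);
}

module.exports = { recoverVulnerable, recoverFixed, failuresIndistinguishable };
```

Running the check against both handlers shows the modelled pre-fix handler failing it and the hardened one passing; wiring it into the project's test suite keeps the two error paths from drifting apart again.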

Added: Jan 3, 2026, 2:16 AM
Updated: Jan 3, 2026, 2:16 AM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 0.6
exploitability: 6.0
remediation: 0.0
relevance: 1.8
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.