Cyber Resilience

CVE-2024-3029

Severity: High · Public PoC

Published: 16 April 2024
Modified: 09 July 2025
KEV Added: not listed
Patch: (no value recorded)
CVSS Score v3.1: 8.0 (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0021 (42.9th percentile)
Risk Priority: 16 (weighting: 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-3029 is a high-severity Improper Input Validation (CWE-20) vulnerability in Mintplexlabs Anythingllm (mintplex-labs/anything-llm). Its CVSS base score is 8.0 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Create Account (T1136). The CVE is ranked at the 42.9th percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

This vulnerability is AI-related: it is categorised as Enterprise AI Assistants, in the Other ATLAS/OWASP Terms risk domain.

EU & UK References

Vulnerability details

In mintplex-labs/anything-llm, an attacker can exploit improper input validation by sending a malformed JSON payload to the '/system/enable-multi-user' endpoint. This triggers an error that is caught by a catch block, which in turn deletes all users and disables 'multi_user_mode'.

The vulnerability allows an attacker to remove all existing users and potentially create a new admin user without requiring a password, leading to unauthorized access and control over the application.
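The pattern the description above points at, a catch block that performs a destructive reset, is easier to see in code. The following is an added illustration written for this page, not code from anything-llm; the handler names, the in-memory store and the sample request bodies are all hypothetical. It shows the vulnerable shape of such a handler beside a hardened one that validates input before touching state and keeps its error path side-effect free.

```javascript
// Added illustration, not code from anything-llm: a request handler that does
// destructive "cleanup" inside its catch block (the pattern CVE-2024-3029
// describes) next to a hardened handler that validates first and keeps error
// paths side-effect free. All names and the in-memory store are hypothetical.

// Constructed in-memory application state standing in for a database.
function makeStore(multiUserMode = true) {
  return {
    users: [{ id: 1, username: "admin", role: "admin" }],
    multiUserMode,
  };
}

// Vulnerable pattern: the handler "rolls back" on any error by wiping state.
// A malformed body makes JSON.parse throw, so a simple parse error turns into
// deletion of every user and a disabled multi-user mode.
function enableMultiUserVulnerable(store, rawBody) {
  try {
    const { username, password } = JSON.parse(rawBody);
    store.users.push({ id: store.users.length + 1, username, password, role: "admin" });
    store.multiUserMode = true;
    return { success: true };
  } catch (err) {
    store.users = [];            // destructive action on the error path
    store.multiUserMode = false; // leaves the app in its pre-setup state
    return { success: false, error: err.message };
  }
}

// Hardened pattern: parse and validate before any state change, reject bad
// input with an ordinary error response, and never mutate state in a catch.
function enableMultiUserHardened(store, rawBody) {
  let body;
  try {
    body = JSON.parse(rawBody);
  } catch {
    return { success: false, error: "request body is not valid JSON" };
  }
  if (body === null || typeof body !== "object" || Array.isArray(body)) {
    return { success: false, error: "request body must be a JSON object" };
  }
  const { username, password } = body;
  if (typeof username !== "string" || username.trim().length === 0) {
    return { success: false, error: "username is required" };
  }
  if (typeof password !== "string" || password.length < 8) {
    return { success: false, error: "password of at least 8 characters is required" };
  }
  if (store.multiUserMode) {
    return { success: false, error: "multi-user mode is already enabled" };
  }
  // Only now, with validated input, is state changed; nothing is ever deleted.
  store.users.push({ id: store.users.length + 1, username: username.trim(), password, role: "admin" });
  store.multiUserMode = true;
  return { success: true };
}

// Constructed sample bodies: one truncated/malformed, one valid.
const MALFORMED_BODY = '{"username": "ops", "password": ';
const VALID_BODY = JSON.stringify({ username: "ops", password: "correct-horse-battery" });

const before = makeStore();
enableMultiUserVulnerable(before, MALFORMED_BODY);
console.log("vulnerable handler after malformed body:", before.users.length,
  "users, multiUserMode =", before.multiUserMode);

const after = makeStore();
enableMultiUserHardened(after, MALFORMED_BODY);
console.log("hardened handler after malformed body:", after.users.length,
  "users, multiUserMode =", after.multiUserMode);
```

The design point is that an error handler should undo only the work the handler itself started, ideally by scoping the change in a transaction, rather than resetting shared state unconditionally. On the detection side, a burst of failed requests to a setup endpoint such as this one, or an unexpected drop in the user count, is worth alerting on.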

CWE(s)

CWE-20 Improper Input Validation

AI Security Analysis (AI-generated)

AI Category: Enterprise AI Assistants
Risk Domain: Other ATLAS/OWASP Terms
OWASP Top 10 for LLMs 2025: None mapped
Classification Reason: mintplex-labs/anything-llm is an all-in-one AI/LLM application platform supporting multi-user modes, local/cloud LLM integration, and enterprise features, fitting 'Enterprise AI Assistants'. The vulnerability is in its API endpoint for multi-user management.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI-generated)

T1136 Create Account (Persistence): Adversaries may create an account to maintain access to victim systems.
T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1531 Account Access Removal (Impact): Adversaries may interrupt availability of system and network resources by inhibiting access to accounts utilized by legitimate users.

Why these techniques?

The vulnerability in a public-facing endpoint enables exploitation (T1190), deletion of all user accounts (T1531), and potential creation of a new admin account without a password (T1136).

Affected Assets

Vendor: mintplexlabs
Product: anythingllm
Versions: ≤ 1.0.0

Mitigating Controls

Likely Mitigating Controls (AI-generated)

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

- Addresses CWE-20: Security testing and developer training directly verify and enforce proper input validation, reducing exploitability of injection and malformed-data weaknesses.
- Addresses CWE-20: Security testing and evaluation at multiple SDLC stages directly detects missing or flawed input validation, with the required remediation process ensuring fixes are applied.
- Addresses CWE-20: Directly implements checks on information inputs to reject invalid data before processing.
- Addresses CWE-20: Spam protection mechanisms perform filtering and detection on inbound/outbound messages, directly compensating for missing or weak input validation of unsolicited content.

References