CVE-2024-4286
Published: 26 May 2024
Summary
CVE-2024-4286 is a medium-severity Expression Language Injection (CWE-917) vulnerability. Its CVSS base score is 4.9 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Data Destruction (T1485); ranked at the 27.8th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Enterprise AI Assistants; in the LLM/Generative AI Risks risk domain; MITRE ATLAS techniques in scope: External Harms (AML.T0048), LLM Prompt Injection (AML.T0051).
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-32836
Vulnerability details
Mintplex-Labs' anything-llm application is vulnerable to improper neutralization of special elements used in an expression language statement, identified in the commit id `57984fa85c31988b2eff429adfc654c46e0c342a`. The vulnerability arises from the application's handling of user modifications by managers or admins, allowing for the…
more
modification of all existing attributes of the `user` database entity without proper checks or sanitization. This flaw can be exploited to delete user threads, denying users access to their previously submitted data, or to inject fake threads and/or chat history for social engineering attacks.
- CWE(s)
AI Security AnalysisAI
- AI Category
- Enterprise AI Assistants
- Risk Domain
- LLM/Generative AI Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- The vulnerability affects Mintplex-Labs' anything-llm, an open-source application for private LLM interactions, chat threads, and history management, fitting the Enterprise AI Assistants category as it provides an end-to-end platform for LLM-based assistants.
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables deletion of user threads for data destruction (T1485) and injection of fake threads/chat history for stored data manipulation (T1492).
MITRE ATLAS TechniquesAI
MITRE ATLAS techniques
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.