CVE-2026-32628
Published: 16 March 2026
Summary
CVE-2026-32628 is a high-severity SQL Injection (CWE-89) vulnerability in Mintplexlabs Anythingllm. Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 11.7th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as Other AI Platforms.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly prevents SQL injection by requiring validation and sanitization of the unsanitized table_name parameter in getTableSchemaSql() before query construction.
Ensures identification, reporting, and correction of the SQL injection flaw via timely patching as provided in GitHub commit 334ce052f063b53a4275518cbed3bab357695d7e.
Facilitates dissemination and application of security advisories like GHSA-jwjx-mw2p-5wc7 to remediate this specific SQL injection vulnerability.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
SQL injection in the network-accessible SQL Agent plugin of AnythingLLM directly enables exploitation of a public-facing application (T1190) by low-privileged users to run arbitrary SQL on connected databases.
NVD Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke…
more
the agent to execute arbitrary SQL commands on connected databases. The getTableSchemaSql() method in all three database connectors (MySQL, PostgreSQL, MSSQL) constructs SQL queries using direct string concatenation of the table_name parameter without sanitization or parameterization.
Deeper analysisAI
CVE-2026-32628, published on 2026-03-16, is a SQL injection vulnerability (CWE-89) in AnythingLLM versions 1.11.1 and earlier. AnythingLLM is an application that turns pieces of content into context for large language models (LLMs) to use as references during chatting. The flaw exists in the built-in SQL Agent plugin, specifically in the getTableSchemaSql() method across the MySQL, PostgreSQL, and MSSQL database connectors, which construct SQL queries via direct string concatenation of the unsanitized table_name parameter.
With a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), the vulnerability can be exploited by any low-privileged user able to invoke the SQL Agent over the network without user interaction. Successful exploitation allows attackers to execute arbitrary SQL commands on connected databases, enabling high-impact compromise of confidentiality, integrity, and availability, such as data exfiltration, modification, or deletion.
Mitigation is addressed in a patch via GitHub commit 334ce052f063b53a4275518cbed3bab357695d7e in the Mintplex-Labs/anything-llm repository. Additional details on the issue and remediation are available in the GitHub Security Advisory GHSA-jwjx-mw2p-5wc7.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: llm