Home > Vulnerability Database > CVE-2026-21484

Mend.io Vulnerability Database

CVE-2026-21484

Good to know:

Date: January 2, 2026

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling username enumeration. Commit e287fab56089cf8fcea9ba579a3ecdeca0daa313 fixes this issue.

Severity Score

5.3

Related Resources (4)

Url: https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-47vr-w3vm-69ch

Url: https://github.com/Mintplex-Labs/anything-llm/commit/e287fab56089cf8fcea9ba579a3ecdeca0daa313

Url: https://nvd.nist.gov/vuln/detail/CVE-2026-21484

Url: https://www.mend.io/vulnerability-database/CVE-2026-21484

Severity Score

5.3

Weakness Type (CWE)

Observable Discrepancy

CWE-203

Observable Response Discrepancy

CWE-204

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2026-21484

Good to know:

Date: January 2, 2026

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?