High (8.8)

CVE-2026-32628: AnythingLLM SQLi — Patch Guide

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Age...

Affected: Mintplexlabs Anythingllm

Overview

A significant security vulnerability, tracked as CVE-2026-32628, has been identified in the AnythingLLM application. This flaw is a SQL injection vulnerability located within the built-in SQL Agent plugin. It affects versions 1.11.1 and earlier. The vulnerability allows any authenticated user who can interact with the SQL Agent to execute unauthorized SQL commands on databases connected to the application.

Vulnerability Details

AnythingLLM is a tool that helps organize content for use with large language models (LLMs). Its SQL Agent feature allows users to query connected databases. The vulnerability exists in the getTableSchemaSql() method used by the database connectors for MySQL, PostgreSQL, and Microsoft SQL Server.

The core problem is that the code builds the SQL query by splicing user-supplied input (the table_name parameter) directly into the command string, without validating it or binding it as a query parameter. This insecure practice is a classic SQL injection vector: a quote character in the input lets an attacker “break out” of the intended query and run their own SQL statements.
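To make the pattern concrete, here is an added example (not AnythingLLM's own code, and not its real connector implementation) contrasting the unsafe string-built schema lookup with a parameterized version of the same query; the function names, the hypothetical allow-list check, and the sample input are all constructed for illustration.

```javascript
// Added example, not code from the AnythingLLM project. Function names
// (getTableSchemaSqlUnsafe, getTableSchemaSqlSafe, isKnownTable) are hypothetical.

// Unsafe pattern: the caller-controlled table name is spliced into the SQL text,
// so a quote character in the input changes the structure of the statement.
function getTableSchemaSqlUnsafe(tableName) {
  return 'SELECT column_name, data_type FROM information_schema.columns ' +
         `WHERE table_name = '${tableName}' ORDER BY ordinal_position`;
}

// Hardened pattern: the SQL text is a constant and the table name travels
// separately as a bound parameter, so the driver always treats it as data.
// Placeholder syntax depends on the driver, e.g. '?' for mysql2, '$1' for pg,
// '@name' for mssql; the caller passes the one its driver expects.
function getTableSchemaSqlSafe(tableName, placeholder = '?') {
  if (typeof tableName !== 'string' || tableName.length === 0 || tableName.length > 128) {
    throw new Error('invalid table name');
  }
  return {
    text: 'SELECT column_name, data_type FROM information_schema.columns ' +
          `WHERE table_name = ${placeholder} ORDER BY ordinal_position`,
    params: [tableName],
  };
}

// Defence in depth: before building any query, check the requested name against
// the list of tables the connector has already enumerated (an allow-list).
function isKnownTable(tableName, knownTables) {
  return knownTables.includes(tableName);
}

// Constructed sample input: a table name containing a quote character.
const suspicious = "users'--";
const known = ['users', 'documents'];

console.log(getTableSchemaSqlUnsafe(suspicious)); // the quote lands inside the SQL text
console.log(getTableSchemaSqlSafe(suspicious));   // SQL text unchanged; value sits in params
console.log(isKnownTable(suspicious, known));     // false
```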

Potential Impact

The impact of this vulnerability is high (CVSS score 8.8). A successful exploit could allow an authenticated user to:

  • Read, modify, or delete sensitive data within the connected databases.
  • Exfiltrate entire database contents, leading to a major data breach.
  • In some configurations, potentially execute administrative commands on the database server itself, leading to a full system compromise.

This risk is elevated because it can be exploited by any user with access to the agent, not just administrators.

Remediation and Mitigation

The primary and most critical action is to upgrade AnythingLLM to a version newer than 1.11.1 immediately. The maintainers have released a fix that addresses the insecure code by implementing proper query parameterization.

Immediate Actions:

  1. Update: Upgrade your AnythingLLM installation to the latest patched version without delay.
  2. Audit: Review access logs for your AnythingLLM instance and connected databases for any unusual or unexpected SQL query activity that may indicate prior exploitation.
  3. Principle of Least Privilege: Ensure the database accounts used by AnythingLLM have only the minimum permissions necessary for the application to function. This can limit the damage of a successful injection attack.
  4. Network Security: Restrict network access to the database servers so they are only reachable by the application host, not the entire network.

Proactive patching remains the most effective defense against such vulnerabilities. Do not delay applying this update.
