Vulnerabilities

CVE-2026-21484 - AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery

2026-01-03 0 views admin

CVE ID : CVE-2026-21484 Published : Jan. 3, 2026, 1:21 a.m. | 50 minutes ago Description : AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling username enumeration. Commit e287fab56089cf8fcea9ba579a3ecdeca0daa313 fixes this issue. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...

CVE Details

CVE ID

CVE-2026-21484

Published

Jan. 3, 2026

Source: Telegram CVE Monitor

🏷️ Tags

cvevulnerabilitysecuritycybersecuritycve-2026-21484

CVE-2026-21484 - AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery

CVE Details

🏷️ Tags

More from Vulnerabilities

CVE-2025-64125 - Nuvation Energy nCloud Client-to-Client Communication

CVE-2025-64124 - Nuvation Energy Multi-Stack Controller OS Command Injection

CVE-2026-0571 - yeqifu warehouse AppFileUtils.java createResponseEntity path traversal

CVE-2026-21447 - Bagisto has IDOR in Customer Order Reorder Functionality

Trending

CVE-2025-61481: Critical Remote Code Execution Vulnerability in MikroTik RouterOS & SwitchOS

CVE-2025-43939: Dell Unity OS Command Injection (High)

Google disputes false claims of massive Gmail data breach

Microsoft: DNS outage impacts Azure and Microsoft 365 services

3.5B Accounts, 1 Critical Flaw: Meta Closes WhatsApp Data-Harvesting