CVE-2026-42456

Name of the Vulnerable Software and Affected Versions AnythingLLM versions prior to 1.12.1

Description An insecure direct object reference (IDOR) exists in the text-to-speech endpoint. The endpoint "/api/workspace/:slug/tts/:chatId" validates workspace membership but fails to enforce ownership of the targeted chat row. This allows an authenticated user to access another user's private assistant response in audio form if the chatId is known or guessed.

Recommendations Update to version 1.12.1.