What is the severity of CVE-2026-21484?

CVE-2026-21484 has a CVSS v3 score of 5.3, which is classified as Medium severity.

Is there an exploit available for CVE-2026-21484?

No known public exploits are currently available for CVE-2026-21484.

Is there a patch available for CVE-2026-21484?

No official patches have been released yet for CVE-2026-21484. Consider implementing workarounds or mitigations.

CVE-2026-21484

Published: January 25, 2026

Last updated:4 days ago (January 25, 2026)

Exploit: NoZero-day: NoPatch: No

TL;DR

Updated January 25, 2026

CVE-2026-21484 is a medium severity vulnerability with a CVSS score of 5.3. No known public exploits at this time.

Key Points

1Medium severity (CVSS 5.3/10)
2No known public exploits
3

Severity Scores

CVSS v35.3

CVSS v20.0

Priority Score132.0

EPSS Score0.0

Medium

Cite This Page

APA Format

Strobes VI. (2026). CVE-2026-21484 - CVE Details and Analysis. Strobes VI. Retrieved January 29, 2026, from https://vi.strobes.co/cve/CVE-2026-21484

Quick copy link + title

Please cite this page when referencing data from Strobes VI. Proper attribution helps support our vulnerability intelligence research.

Trend: Neutral

No official patches released yet

4Strobes Priority Score: 132/1000 (Low)

Exploitation LikelihoodMinimal

0.00%EPSS

Very low probability of exploitation

Monitor and patch as resources allow

0.00%

EPSS

5.3

CVSS

No

Exploit

No

Patch

Medium Priority

no patch

EPSS predicts the probability of exploitation in the next 30 days based on real-world threat data, complementing CVSS severity scores with actual risk assessment.

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depending on whether a username exists, so enabling username enumeration. Commit e287fab56089cf8fcea9ba579a3ecdeca0daa313 fixes this issue.

CVSS v3 Breakdown

Attack Vector:Network

Attack Complexity:Local

Privileges Required:Network

User Interaction:Network

Scope:Unchanged

Confidentiality:Local

Integrity:Network

Availability:Network

Trend Analysis

Neutral

Advisories

NVD