The vulnerability stems from improper input validation in the thread update endpoint (/workspace/:slug/thread/:threadSlug/update). Specifically, the application fails to validate user input when updating a thread name, allowing an attacker to inject a Prisma relation query to modify the users model. This flaw enables users with lower privileges to escalate their roles to Administrator by crafting a malicious POST request.

An attacker with Default or Manager privileges logs into the application, creates a new thread, and then sends a specially crafted POST request to the thread update endpoint. This request includes a payload designed to exploit the lack of input validation, altering the attacker's role to Administrator. Upon re-authentication, the attacker gains full administrative access.

Users of mintplex-labs/anything-llm prior to version 1.0.0 are affected. Specifically, this vulnerability impacts systems where users with Default or Manager roles can exploit the flaw to gain Administrator privileges, potentially compromising the entire application.