Homebrew is a free and open-source software package management system that simplifies the installation of software on Apple's macOS operating system and Linux. The name is intended to suggest the idea of building software on the Mac depending on the user's taste. Originally written by Max Howell, the package manager has gained popularity in the Ruby on Rails community and earned praise for its extensibility.

Homebrew

Should an instance of AnythingLLM be hosted on an internal network and the attacked be explicitly granted a permission level of manager or admin, they could link-scrape internally resolving IPs of other services that are on the same network as AnythingLLM.

This would require the attacker also be able to guess these internal IPs as `/*` ranging is not possible, but could be brute forced.

There is a duty of care that other services on the same network would not be fully open and accessible via a simple CuRL with zero authentication as it is not possible to set headers or access via the link collector.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2026-21693	HIGH	8.8	Homebrew	iccdev	No	Yes	Jan 07, 2026
CVE-2026-21692	HIGH	8.8	Homebrew	iccdev	No	Yes	Jan 07, 2026
CVE-2025-69262	HIGH	7.8	JavaScript	pnpm	No	Yes	Jan 07, 2026
CVE-2026-21885	MEDIUM	6.5	NixOS	miniflux	No	Yes	Jan 08, 2026
CVE-2026-21691	MEDIUM	6.5	Homebrew	iccdev	No	Yes	Jan 07, 2026

CVE-2024-0759:
Homebrew vulnerability analysis and mitigation

Overview

Technical details

Impact

Mitigation and workarounds

Additional resources

7.5

Related Homebrew vulnerabilities:

Benchmark your Cloud Security Posture

Additional Wiz resources

Cloud Vulnerability DB

Cloud Threat Landscape

PEACH

Ready to see Wiz in action?

CVE-2024-0759: Homebrew vulnerability analysis and mitigation