CVE-2026-55611

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...

CVE-2026-48789

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared...

EUVD-2026-39009

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. From 1.11.1 until 1.14.1, userId/workspaceId scoping to the parsed-files read/delete paths was added. However, the POST /api/workspace/:slug/embed-parsed-file/:fileId flow...

CVE-2026-48789

CVE-2026-48789 affects AnythingLLM on Windows prior to version 1.13.0. The document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared path containment helper rejects POSIX-style "../" traversal but does not reject W...

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

CVE-2026-48116

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

CVE-2026-47713

Summary of CVE-2026-47713 : AnythingLLM prior to version 1.13.0 allowed a mobile device token created in single-user mode to survive the migration to multi-user mode without an attached user. In multi-user mode, the mobile authentication middleware accepted this token, causing downstream handlers...

CVE-2026-47713 AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user - multi-user migration even when the device record has userId = null. In...

EUVD-2026-33068

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

CVE-2026-48116 AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

CVE-2026-48116

AnythingLLM CVE-2026-48116: Prior to 1.13.0, the filesystem-search-files agent passes a user-controlled pattern to ripgrep as a positional argument without a -- end-of-options separator. ripgrep interprets arguments starting with - as options, so a pattern like --pre=/bin/sh can execute /bin/sh f...

CVE-2026-48116 AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separato...

EUVD-2026-33067

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

CVE-2026-45403

Summary of CVE-2026-45403 : AnythingLLM’s agent filesystem copy tool (prior to v1.13.0) validates only the top-level source/destination. The recursive copy helper traverses child entries with fs.stat() and copies via fs.copyFile() without validating each child or rejecting symlinks. A symlink ins...

CVE-2026-45403 AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

CVE-2026-45403

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

CVE-2026-45403 AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child...

AnythingLLM 安全漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 contained a security vulnerability. This vulnerability stemmed from mobile device tokens created in single-user mode being accepted after migration to multi-user mode, without any user...

AnythingLLM 参数注入漏洞

AnythingLLM is an integrated AI application open source by Mintplex. Versions of AnythingLLM prior to 1.13.0 had a parameter injection vulnerability. This vulnerability stemmed from the filesystem-search-files proxy skill directly passing mode parameters controlled by the LLM as position paramete...