4 matches found
PT-2026-44552
Name of the Vulnerable Software and Affected Versions: AnythingLLM versions prior to 1.13.0
Description: The filesystem-search-files agent skill passes an LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. Because ripgrep parses any argument...
AnythingLLM Security Vulnerability
AnythingLLM is an all-in-one AI application open-sourced by Mintplex. A security vulnerability exists in AnythingLLM that stems from a password recovery endpoint returning a different error message that could lead to username enumeration...
CVE-2024-13060 Improper Authorization in mintplex-labs/anything-llm
A vulnerability in AnythingLLM Docker version 1.3.1 allows users with 'Default' permission to access other users' profile pictures by changing the 'id' parameter in the user cookie. This issue is present in versions prior to 1.3.1...
AnythingLLM Security Vulnerability
AnythingLLM is a business-compliant document chatbot. A security vulnerability exists in AnythingLLM that originates from a user with default privileges being able to delete documents uploaded by an administrator through certain actions...