Mintplexlabs

Anythingllm

63 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
9.1

CVE-2026-5627

  • EPSS 0.03%
  • Veröffentlicht 07.04.2026 13:06:38
  • Zuletzt bearbeitet 08.04.2026 21:27:15

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input in the `loadFlow` and `deleteFlow` methods in `se...

6.4

CVE-2026-32719

Exploit
  • EPSS 0.04%
  • Veröffentlicht 13.03.2026 21:25:31
  • Zuletzt bearbeitet 16.03.2026 20:29:53

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a...

2.7

CVE-2026-32717

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 21:23:48
  • Zuletzt bearbeitet 16.03.2026 20:31:45

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it do...

3.8

CVE-2026-32715

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 21:22:00
  • Zuletzt bearbeitet 16.03.2026 20:00:30

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The two generic system-preferences endpoints allow manager role access, while every other surface that ...

8.8

CVE-2026-32628

Exploit
  • EPSS 0.03%
  • Veröffentlicht 13.03.2026 20:50:15
  • Zuletzt bearbeitet 16.03.2026 20:33:27

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent...

9.6

CVE-2026-32626

Exploit
  • EPSS 0.05%
  • Veröffentlicht 13.03.2026 20:14:30
  • Zuletzt bearbeitet 16.03.2026 20:34:47

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that es...

7.5

CVE-2026-32617

Exploit
  • EPSS 0.02%
  • Veröffentlicht 13.03.2026 20:07:57
  • Zuletzt bearbeitet 16.03.2026 20:40:06

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, On default installations where no password or API key has been configured, all HTTP endpoints and the a...

7.2

CVE-2026-24478

Exploit
  • EPSS 0.23%
  • Veröffentlicht 26.01.2026 23:23:54
  • Zuletzt bearbeitet 28.01.2026 15:52:39

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin (or an...

7.5

CVE-2026-24477

Exploit
  • EPSS 11.22%
  • Veröffentlicht 26.01.2026 23:22:27
  • Zuletzt bearbeitet 28.01.2026 15:59:06

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. If AnythingLLM prior to version 1.10.0 is configured to use Qdrant as the vector database with an API key, this QdrantApiKey c...

5.3

CVE-2026-21484

Exploit
  • EPSS 0.05%
  • Veröffentlicht 03.01.2026 01:21:39
  • Zuletzt bearbeitet 23.02.2026 17:54:38

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to commit e287fab56089cf8fcea9ba579a3ecdeca0daa313, the password recovery endpoint returns different error messages depe...