Mintplexlabs

Anything-llm

29 vulnerabilities found.

Note: This list may be incomplete. Data is provided in its original format without warranty.
  • EPSS 0.23%
  • Published 24.06.2026 17:13:20
  • Last modified 25.06.2026 18:56:54

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outsi...

Exploit
  • EPSS 0.22%
  • Published 28.05.2026 21:20:56
  • Last modified 03.06.2026 16:51:22

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user -> multi-user migration e...

Exploit
  • EPSS 0.37%
  • Published 28.05.2026 21:19:51
  • Last modified 30.05.2026 04:17:22

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positiona...

Exploit
  • EPSS 0.19%
  • Published 28.05.2026 21:18:08
  • Last modified 02.06.2026 14:48:13

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The rec...

Exploit
  • EPSS 0.3%
  • Published 08.05.2026 23:01:30
  • Last modified 18.05.2026 14:33:02

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, GET /api/workspace/:slug/tts/:chatId in AnythingLLM returns the text-to-speech audio for another user...

Exploit
  • EPSS 0.2%
  • Published 24.04.2026 02:57:16
  • Last modified 27.04.2026 14:53:37

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the ma...

Exploit
  • EPSS 0.39%
  • Published 13.03.2026 21:25:31
  • Last modified 16.03.2026 20:29:53

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a...

Exploit
  • EPSS 0.23%
  • Published 13.03.2026 21:23:48
  • Last modified 16.03.2026 20:31:45

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, in multi-user mode, AnythingLLM blocks suspended users on the normal JWT-backed session path, but it do...

Exploit
  • EPSS 0.2%
  • Published 13.03.2026 21:22:00
  • Last modified 16.03.2026 20:00:30

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that ...

Exploit
  • EPSS 0.3%
  • Published 13.03.2026 20:50:15
  • Last modified 16.03.2026 20:33:27

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, a SQL injection vulnerability in the built-in SQL Agent plugin allows any user who can invoke the agent...