CVE-2026-32719 | Teknoloji dünyasından en güncel haberleri ve güvenlikle ilgili gelişmeleri takip edin.

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedP…
Medium CVSS: 4.2

CVE-2026-32719

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution.
Vendor
Mintplexlabs
Product
Anythingllm
CWE
CWE-22
Yayın Tarihi
2026-03-16 14:19:42
Güncelleme
2026-03-16 20:29:53
Source Identifier
security-advisories@github.com
KEV Date Added
-

Kategoriler

CWE-22 Anythingllm MEDIUM Mintplexlabs 2026

Referanslar

https://github.com/Mintplex-Labs/anything-llm/commit/6a492f038da195a5c9a239d5ca2e9f2151c25f8c https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-rh66-4w74-cf4m