Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution.
Published: 2026-03-13
Score: 4.2 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary code execution via path traversal
Action: Immediate Patch
AI Analysis

Impact

The vulnerability resides in the ImportedPlugin.importCommunityItemFromUrl() function of the AnythingLLM server (server/utils/agents/imported.js). It downloads a ZIP archive from a community hub URL and extracts it with AdmZip.extractAllTo() without validating the paths of the entries inside the archive. An attacker can therefore craft a ZIP whose entry names contain dot-dot path components, so that extraction writes arbitrary files outside the intended directory: a Zip Slip path traversal that can ultimately lead to arbitrary code execution. The weakness corresponds to CWE-22 (Path Traversal) and CWE-94 (Code Injection).

Affected Systems

The vulnerability affects the Mintplex-Labs AnythingLLM application, version 1.11.1 and earlier, as identified by the vendor/product entry Mintplex-Labs:anything-llm and the affected-version field of the CVE entry. Newer releases are not impacted.

Risk and Exploitability

The CVSS score of 4.2 indicates a moderate overall severity, and the EPSS score of less than 1% shows a low probability of exploitation in the wild. The vulnerability is not catalogued in CISA's KEV list. Exploitation requires access to the server's import feature: an attacker who can supply a crafted community hub URL triggers the extraction, resulting in file system overwrites and code execution. The attack vector is network-based through the import API, but the attacker needs sufficient privileges to configure or instruct the server to import the malicious ZIP, which the CVSS vector records as high privileges plus user interaction.

Generated by OpenCVE AI on March 16, 2026 at 23:02 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AnythingLLM to a version newer than 1.11.1 (ideally the latest release that includes the path validation change).
  • If an upgrade is not immediately possible, temporarily disable the community hub plugin import feature or restrict which URLs can be used for importing.
  • Verify that the server’s file permissions and operating environment are configured to prevent arbitrary file writes.

Advisories

No advisories yet.

History

Mon, 16 Mar 2026 20:30:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mintplexlabs anythingllm
CPEs | | cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*
Vendors & Products | | Mintplexlabs anythingllm

Mon, 16 Mar 2026 17:15:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc: {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 16 Mar 2026 10:15:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Mintplexlabs; Mintplexlabs anything-llm
Vendors & Products | | Mintplexlabs; Mintplexlabs anything-llm

Fri, 13 Mar 2026 21:45:00 +0000

Type | Values Removed | Values Added
Description | | AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution.
Title | | AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import
Weaknesses | | CWE-22; CWE-94
References | | 
Metrics | | cvssV3_1: {'score': 4.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N'}

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-16T16:44:38.247Z

Reserved: 2026-03-13T14:33:42.825Z

Link: CVE-2026-32719

Vulnrichment

Updated: 2026-03-16T16:44:35.552Z

NVD

Status: Analyzed

Published: 2026-03-16T14:19:42.837

Modified: 2026-03-16T20:29:53.200

Link: CVE-2026-32719

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T13:39:15Z

Weaknesses