Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared path containment helper rejects POSIX-style "../" traversal but does not reject Windows-style parent paths returned by path.relative(), such as "..". This vulnerability is fixed in 1.13.0.
Published: 2026-06-24
Score: 4.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

AnythingLLM, an application that contextualizes content for LLMs, has a directory traversal flaw in its document folder listing route on Windows. Prior to version 1.13.0 the route accepts encoded absolute Windows paths that resolve outside the intended documents directory. Because the shared path containment helper rejects only POSIX‑style "../" traversals and does not handle Windows‑style parent paths returned by path.relative(), an attacker can force the application to read or otherwise access files located beyond the document root. The flaw is classified as CWE‑22. It does not allow remote code execution or privilege escalation but can lead to unauthorized disclosure of arbitrary files on the host, potentially exposing sensitive data.

Affected Systems

This issue is present in the AnythingLLM product from Mintplex‑Labs, affecting all installations running a Windows operating system with a version earlier than 1.13.0. Systems that use the default document folder route for listing or retrieving documents are vulnerable. Versions 1.13.0 and later contain the fix.

Risk and Exploitability

The CVSS base score for this weakness is 4.3, reflecting moderate severity. No EPSS score is available, and the vulnerability is not listed in the CISA KEV catalog, indicating a low or unproven exploitation rate to date. The likely attack vector is sending a crafted request to the document folder route that includes Windows‑style relative paths such as ".." encoded in the URL. If exploited, an attacker could read arbitrary server files within the document folder tree. Although the risk appears moderate, organizations running unpatched versions should treat it with caution and apply the available update promptly.

Generated by OpenCVE AI on June 24, 2026 at 20:38 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade AnythingLLM to version 1.13.0 or later.
  • Restrict access to the document folder route to authenticated users or administrators only.
  • Implement server‑side path validation to reject any resolved path that is outside the intended documents directory.

Generated by OpenCVE AI on June 24, 2026 at 20:38 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 06:30:00 +0000

Type Values Removed Values Added
First Time appeared Mintplexlabs
Mintplexlabs anything-llm
Vendors & Products Mintplexlabs
Mintplexlabs anything-llm

Wed, 24 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 24 Jun 2026 18:00:00 +0000

Type Values Removed Values Added
Description AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared path containment helper rejects POSIX-style "../" traversal but does not reject Windows-style parent paths returned by path.relative(), such as "..". This vulnerability is fixed in 1.13.0.
Title AnythingLLM: Windows path containment bypass in document folder route
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 4.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N'}


Subscriptions

Mintplexlabs Anything-llm
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-24T18:54:27.640Z

Reserved: 2026-05-22T20:18:20.366Z

Link: CVE-2026-48789

cve-icon Vulnrichment

Updated: 2026-06-24T18:54:15.355Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T06:15:15Z

Weaknesses
  • CWE-22

    Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')