CVE-2026-32719
Published 2026-03-16
Priority: P3 · 36 · medium · CVSS 3.1: 6.4
Vector: AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.39% (30.7th percentile)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating the file paths inside the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mintplex-labs | anything-llm | <= 1.11.1 | — |
| mintplexlabs | anythingllm | <= 1.11.1 | — |
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Wiz: CVE-2026-32719 Impact, Exploitability, and Mitigation Steps (blogs_wiz · CVSS 4.2 · MEDIUM)
## CVE-2026-32719
Homebrew vulnerability analysis and mitigation
Source: NVD
## 6.4
Score
Published March 16, 2026
Severity MEDIUM
CNA Score 4.2
Affected Technologies
Homebrew
AnythingLLM
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Per
Wiz: CVE-2026-5627 Impact, Exploitability, and Mitigation Steps (blogs_wiz · CVSS 7.7 · HIGH)
## CVE-2026-5627
AnythingLLM vulnerability analysis and mitigation
AgentFlows
loadFlow
deleteFlow
server/utils/agentFlows/index.js
path.join
normalizePath
.json
package.json
Source: NVD
## 9.1
Score
Published April 7, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
AnythingLLM
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 9.8
Exploitation Probability (EPSS) N/A
Affected packages and libraries
cpe:2.3:a:mintplexlabs:anythingllm
Sources
NVD
Linux Severity CRITICAL Has Fix Added at: Apr 09, 2026
Windows Severity CRITICAL Has Fix Added at: Apr 09, 2026