Platform
drupal
Component
drupal
Fixed in
1.10.1
CVE-2026-24478 describes a critical Remote Code Execution (RCE) vulnerability within the AnythingLLM application, a Drupal Core module. This flaw stems from a path traversal issue in the DrupalWiki integration, enabling unauthorized file writes. Affected versions include those prior to 1.10.0. The vulnerability has been resolved in version 1.10.0.
An attacker exploiting this vulnerability could achieve Remote Code Execution (RCE) on the Drupal server. This is accomplished by leveraging the path traversal flaw in the DrupalWiki integration. A malicious administrator, or an attacker who can convince an administrator to configure a malicious DrupalWiki URL, can write arbitrary files. This could involve overwriting critical configuration files, injecting malicious scripts (e.g., PHP), or modifying other system files to gain control of the server. The potential impact includes complete system compromise, data exfiltration, and denial of service. The ability to write arbitrary files represents a significant escalation of privilege, allowing for persistent access and control.
This vulnerability was publicly disclosed on 2026-01-27. There are currently no publicly available proof-of-concept exploits, but the path traversal nature of the vulnerability makes it likely that one will emerge. The vulnerability's impact (RCE) and ease of exploitation (requiring admin privileges or social engineering) suggest a medium probability of exploitation. It is not currently listed on the CISA KEV catalog.
Organizations using Drupal Core with the AnythingLLM application installed, particularly those with administrative users who may be susceptible to social engineering attacks or who may inadvertently configure malicious DrupalWiki URLs, are at risk. Shared hosting environments where multiple Drupal instances share the same server resources are also at increased risk.
• drupal: Check the installed version of the AnythingLLM module using drush pm:core-list or drush pm:modules.
• generic web: Monitor Drupal error logs for attempts to access files outside of the intended DrupalWiki directory.
• generic web: Use a WAF to block requests containing path traversal sequences (e.g., ../).
• linux / server: Monitor file system activity for unexpected file creations or modifications within the Drupal installation directory, particularly in areas related to configuration files. Use auditd to track file access attempts.
disclosure
Exploit status
EPSS
0.22% (44th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-24478 is to immediately upgrade the AnythingLLM application to version 1.10.0 or later. If upgrading is not immediately feasible due to compatibility concerns or testing requirements, consider restricting access to the DrupalWiki integration to trusted administrators only. Implement strict input validation on any user-supplied data used in file paths. Review DrupalWiki configuration for any suspicious URLs. After upgrading, confirm the fix by attempting to access a DrupalWiki URL with a path traversal payload (e.g., ../../../../etc/passwd) and verifying that access is denied.
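The two defensive pieces this advisory calls for, the containment check on any file path derived from user-supplied data (mitigation paragraph above) and the log scan for traversal sequences (detection list above), as an added example. This is not code from the advisory, from Drupal or from the AnythingLLM project; the base directory, the log lines and the function names are assumptions constructed for the example. The check resolves the candidate path and refuses anything that leaves the base directory, and the scanner URL-decodes each line twice so that encoded and double-encoded traversal sequences are caught, not only the literal form.

```python
"""Path-traversal defences for a file-writing integration: an added example,
not code from the advisory, from Drupal, or from the AnythingLLM project.

safe_join() is the containment check a DrupalWiki-style integration should
apply before writing any file whose name derives from user-controlled input;
find_traversal_attempts() scans request log lines for traversal sequences,
including URL-encoded and double-encoded forms. BASE_DIR and SAMPLE_LOG are
constructed for this example and are not paths or logs from the advisory.
"""
import re
from pathlib import Path
from typing import List, Optional, Tuple
from urllib.parse import unquote

# Constructed base directory; it does not need to exist for the check to work.
BASE_DIR = "/srv/drupal/drupalwiki"

# Literal traversal segments after decoding; both separator styles are covered.
TRAVERSAL_RE = re.compile(r"\.\.(?:/|\\)")


def safe_join(base_dir: str, untrusted_relative: str) -> Optional[Path]:
    """Join untrusted_relative onto base_dir only if the result stays inside it.

    Returns the resolved path when it is safe, or None when the caller must
    refuse the write: absolute input, any '..' sequence that climbs above the
    base, or an empty name that would point at the base directory itself.
    """
    base = Path(base_dir).resolve()
    candidate_raw = Path(untrusted_relative)
    # Path joining discards the base when the right-hand side is absolute,
    # so absolute input is rejected outright rather than silently accepted.
    if candidate_raw.is_absolute():
        return None
    # resolve() collapses '..', duplicate separators and symlinks, so the
    # comparison below is on the real target rather than the raw string.
    candidate = (base / candidate_raw).resolve()
    try:
        candidate.relative_to(base)
    except ValueError:
        return None  # escaped the base directory
    if candidate == base:
        return None  # nothing to write to
    return candidate


def find_traversal_attempts(log_lines: List[str]) -> List[Tuple[int, str]]:
    """Return (line_number, decoded_line) for log lines carrying '../' or '..\\'.

    Each line is URL-decoded twice so that %2e%2e%2f and double-encoded
    %252e%252e%252f variants are caught as well as the literal form.
    """
    hits = []
    for lineno, line in enumerate(log_lines, start=1):
        decoded = unquote(unquote(line))
        if TRAVERSAL_RE.search(decoded):
            hits.append((lineno, decoded))
    return hits


# Constructed access-log lines in common log format (not from any real server).
SAMPLE_LOG = [
    '10.0.0.5 - - [27/Jan/2026:10:00:00 +0000] "GET /drupalwiki/page/Home HTTP/1.1" 200 512',
    '10.0.0.9 - - [27/Jan/2026:10:00:05 +0000] "GET /drupalwiki/page/..%2F..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0',
    '10.0.0.9 - - [27/Jan/2026:10:00:07 +0000] "GET /drupalwiki/page/%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 403 0',
    '10.0.0.5 - - [27/Jan/2026:10:00:09 +0000] "GET /drupalwiki/page/Release..Notes HTTP/1.1" 200 300',
]


if __name__ == "__main__":
    for name in ["pages/Home.md", "pages/../Index.md", "../../../../etc/passwd", "/etc/passwd", ""]:
        print(f"{name!r:32} -> {safe_join(BASE_DIR, name)}")
    for lineno, decoded in find_traversal_attempts(SAMPLE_LOG):
        print(f"line {lineno}: {decoded}")
```

Note the two edge cases the sample input exercises: a name such as "Release..Notes" contains two dots but no separator and is correctly left alone, while "pages/../Index.md" climbs one level yet still lands inside the base and is accepted; the check is on the resolved target, not on the presence of ".." in the string. A WAF rule that only matches the literal "../" would miss the double-encoded request on the third sample line, which is why the scanner decodes before matching.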
Update AnythingLLM to version 1.10.0 or later. This version contains the fix for the path traversal vulnerability. It is recommended to apply the update as soon as possible to prevent potential attacks.
CVE-2026-24478 is a Remote Code Execution vulnerability in the AnythingLLM application for Drupal Core, allowing attackers to potentially execute arbitrary code on the server.
You are affected if you are using Drupal Core with the AnythingLLM application in a version prior to 1.10.0.
Upgrade the AnythingLLM application to version 1.10.0 or later to resolve the vulnerability. Restrict access to the DrupalWiki integration as a temporary workaround.
While no public exploits are currently known, the path traversal nature of the vulnerability suggests a potential for exploitation.
Refer to the official Drupal security advisory for CVE-2026-24478 on the Drupal website.