Platform
nodejs
Component
anything-llm
Fixed version
1.11.2
CVE-2026-32719 describes a Path Traversal vulnerability discovered in AnythingLLM, an application designed to provide context for Large Language Models (LLMs). This flaw allows attackers to potentially execute arbitrary code by manipulating ZIP files downloaded from community hubs. The vulnerability impacts versions of AnythingLLM up to and including 1.11.1. A patch is expected to resolve this issue.
The vulnerability lies within the ImportedPlugin.importCommunityItemFromUrl() function, which handles the download and extraction of ZIP files. The function uses the AdmZip.extractAllTo() method without validating the file paths of the entries inside the archive. This missing validation enables a Zip Slip attack, a well-known technique in which an attacker crafts a ZIP file whose entry names contain traversal sequences (such as ../) so that extraction writes to, or overwrites, files outside the intended extraction directory. Successful exploitation could allow an attacker to overwrite critical system files, execute malicious code, or gain unauthorized access to sensitive data within the AnythingLLM environment. The potential blast radius depends on the permissions of the user running the AnythingLLM application.
This CVE was publicly disclosed on 2026-03-13. There is currently no indication of active exploitation campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog as of this writing. Public proof-of-concept exploits are not yet available, but the nature of the Zip Slip vulnerability suggests that such exploits are likely to emerge.
Organizations and individuals using AnythingLLM for LLM context management are at risk, particularly those who allow users to import community-created content from untrusted sources. Shared hosting environments where multiple users share the same AnythingLLM instance are also at increased risk, as a compromised ZIP file could affect all users on the server.
• nodejs / server:
find /path/to/anythingllm/ -name '*.zip' -mtime -7 -print0 | xargs -0 grep -l -F '../' # List ZIP files modified in the last 7 days whose entry names contain a traversal segment (ZIP headers store entry names in plaintext)
• nodejs / server:
ps aux | grep -i '[a]nythingllm' # List running AnythingLLM processes (the extraction method used is not visible in a process listing)
Exploitation status
EPSS
0.04% (11th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade to a patched version of AnythingLLM that addresses this vulnerability. Until a patch is available, consider implementing temporary workarounds. One approach is to restrict the URLs from which AnythingLLM downloads ZIP files to trusted sources only. Another is to implement a WAF or proxy to inspect incoming ZIP files for suspicious path traversal patterns before they are processed by AnythingLLM. Thoroughly scan any downloaded ZIP files for malicious content before importing them. After upgrade, confirm by attempting to import a known-safe ZIP file and verifying that it extracts to the expected location without errors.
Update AnythingLLM to a version later than 1.11.1. This fixes the path traversal and arbitrary code execution vulnerability in plugin imports from the Community Hub.
CVE-2026-32719 is a vulnerability in AnythingLLM versions up to 1.11.1 that allows attackers to execute arbitrary code by crafting malicious ZIP files.
You are affected if you are using AnythingLLM version 1.11.1 or earlier and are importing ZIP files from untrusted sources.
Upgrade to a patched version of AnythingLLM. Until a patch is available, restrict ZIP file sources and scan files before import.
There is currently no indication of active exploitation, but the vulnerability's nature suggests potential for exploitation.
Refer to the official AnythingLLM project's website or repository for security advisories and updates.