Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Network-accessible endpoint requires low-privilege authentication; impact is read-only directory listing disclosure with no integrity, availability, or scope-change consequence.
Primary rating from Vendor (GitHub_M).
CVSS VectorVendor: GitHub_M
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
Lifecycle Timeline
3DescriptionCVE.org
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, on Windows, the document folder listing route can accept an encoded absolute Windows path that resolves outside the intended documents directory. The shared path containment helper rejects POSIX-style "../" traversal but does not reject Windows-style parent paths returned by path.relative(), such as "..". This vulnerability is fixed in 1.13.0.
AnalysisAI
Path traversal in AnythingLLM's document folder listing endpoint on Windows allows authenticated low-privilege users to enumerate directories outside the intended documents directory. The root cause is a platform-specific gap in the shared path containment helper: it correctly rejects POSIX-style '../' sequences but fails to reject Windows-style parent path segments produced by Node.js path.relative(), such as bare '..'. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires three concurrent conditions: a valid low-privilege authenticated session against the AnythingLLM instance (CVSS PR:L - unauthenticated access is not sufficient), a Windows-based deployment of AnythingLLM (the bypass is caused specifically by how Node.js path.relative() formats paths on Windows using backslashes and bare '..' segments), and network-level access to the document folder listing API endpoint. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 3.1 vector AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N scores 4.3 (Medium), which is an accurate reflection of real-world risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated low-privilege user crafts an HTTP request to the AnythingLLM document listing endpoint, supplying an encoded absolute Windows path such as 'C:\Windows\System32' or a path.relative()-style '..' segment targeting a parent directory. The path containment helper passes the input because it only checks for POSIX-style '../' sequences. … |
| Remediation | Upgrade AnythingLLM to version 1.13.0 or later, which contains the vendor-released patch correcting the Windows-specific path containment logic. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Anything Llm
View allSQL Injection in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high severity (CVSS 8.8), this vulne
Authentication Bypass by Primary Weakness in GitHub repository mintplex-labs/anything-llm prior to 0.0.1. Rated high sev
XSS in AnythingLLM 1.11.1 and earlier.
SQL injection in AnythingLLM versions 1.11.1 and earlier enables authenticated users to execute arbitrary SQL commands a
AnythingLLM versions 1.11.1 and earlier contain an authentication bypass vulnerability on default installations where th
Stored DOM-level XSS in AnythingLLM's chart caption rendering allows authenticated users in shared workspaces to inject
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti
AnythingLLM versions 1.11.1 and earlier contain a Zip Slip path traversal vulnerability in the community plugin import f
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatti
Stale mobile device tokens in AnythingLLM survive single-user to multi-user mode migration with a null userId, allowing
Symlink following in the AnythingLLM agent filesystem copy tool (versions prior to 1.13.0) allows a highly-privileged au
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-39008