What is the CVSS score of CVE-2026-5627?

CVE-2026-5627 has a CVSS 3.1 base score of 7.2 (High). CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H. EPSS exploitation probability: 0.0%.

How to fix or mitigate CVE-2026-5627?

Within 24 hours: Inventory all Anything LLM deployments and identify instances running version 1.9.1 or earlier. Within 7 days: Upgrade all affected instances to version 1.12.1 or later. For deployments that cannot be immediately patched, restrict administrator role assignments to trusted personnel only and audit recent administrator activity logs for suspicious JSON file access or deletion patterns. Within 30 days: Conduct post-upgrade verification and review access control policies for administrative roles.

CVE-2026-5627

EUVD-2026-19637 HIGH

Path Traversal: '\\..\\filename' (CWE-29)

2026-04-07 @huntr_ai

GHSA-3593-xf56-f85v

Denial Of Service Information Disclosure Path Traversal

7.2

CVSS 3.1

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Re-analysis Queued

Apr 24, 2026 - 14:07 vuln.today

cvss_changed

Severity Changed

Apr 24, 2026 - 14:07 NVD

CRITICAL HIGH

CVSS changed

Apr 24, 2026 - 14:07 NVD

9.1 (CRITICAL) 7.2 (HIGH)

Analysis Updated

Apr 16, 2026 - 05:45 EUVD-patch-fix

executive_summary

Re-analysis Queued

Apr 16, 2026 - 05:29 backfill_euvd_patch

patch_released

Patch available

Apr 16, 2026 - 05:29 EUVD

1.12.1

EUVD ID Assigned

Apr 07, 2026 - 13:45 euvd

EUVD-2026-19637

Analysis Generated

Apr 07, 2026 - 13:45 vuln.today

CVE Published

Apr 07, 2026 - 13:06 nvd

CRITICAL 9.1

DescriptionNVD

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the combination of path.join and normalizePath allows attackers to bypass directory restrictions and access or delete arbitrary .json files on the server. This can lead to information disclosure, such as leaking sensitive configuration files containing API keys, or denial of service by deleting critical files like package.json. The issue is resolved in version 1.12.1.

AnalysisAI

Path traversal in mintplex-labs/anything-llm (versions ≤1.9.1) allows authenticated administrators to read or delete arbitrary JSON files on the server, bypassing directory restrictions in the AgentFlows component. Exploitation requires high privileges (administrator access) but achieves cross-scope impact including leaking sensitive API keys from configuration files or destroying critical package.json files. …

RemediationAI

Within 24 hours: Inventory all Anything LLM deployments and identify instances running version 1.9.1 or earlier. Within 7 days: Upgrade all affected instances to version 1.12.1 or later. …

Analysis

Detailed AI-generated intelligence summary covering attack vector, impact assessment, affected versions, remediation steps, and indicators of compromise.

POChttps://••••••••••.com/exploit

PATCHhttps://••••••••••.com/patch

ADVISORYhttps://••••••••••.com/advisory

Full analysis requires sign-in

Get intelligence summaries, risk assessment, exploit details, threat intel, and remediation guidance.

CVE-2026-5627 vulnerability details – vuln.today

Back

CVE-2026-5627

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

RemediationAI

Full analysis requires sign-in

Share

External POC / Exploit Code