EUVD-2026-12105
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Lifecycle Timeline
3Tags
Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS due to insecure Electron configuration. This works with default settings and requires no user interaction beyond normal chat usage. The custom markdown-it image renderer in frontend/src/utils/chat/markdown.js interpolates token.content directly into the alt attribute without HTML entity escaping. The PromptReply component renders this output via dangerouslySetInnerHTML without DOMPurify sanitization - unlike HistoricalMessage which correctly applies DOMPurify.sanitize().
Analysis
XSS in AnythingLLM 1.11.1 and earlier.
Sign in for full analysis, threat intelligence, and remediation guidance.
Remediation
Within 24 hours: Inventory all AnythingLLM Desktop installations and restrict usage to air-gapped or non-critical systems only. Within 7 days: Contact vendor for patch timeline; if unavailable, evaluate alternative LLM desktop solutions or disable AnythingLLM Desktop enterprise-wide pending remediation. …
Sign in for detailed remediation steps.
Priority Score
Share
External POC / Exploit Code
Leaving vuln.today