Skip to main content

Mintplex Labs Anything Llm EUVDEUVD-2026-19637

| CVE-2026-5627 HIGH
Path Traversal: '\\..\\filename' (CWE-29)
2026-04-07 @huntr_ai GHSA-3593-xf56-f85v
7.2
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.2 HIGH
AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
High
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

9
Re-analysis Queued
Apr 24, 2026 - 14:07 vuln.today
cvss_changed
Severity Changed
Apr 24, 2026 - 14:07 NVD
CRITICAL HIGH
CVSS changed
Apr 24, 2026 - 14:07 NVD
9.1 (CRITICAL) 7.2 (HIGH)
Analysis Updated
Apr 16, 2026 - 05:45 EUVD-patch-fix
executive_summary
Re-analysis Queued
Apr 16, 2026 - 05:29 backfill_euvd_patch
patch_released
Patch available
Apr 16, 2026 - 05:29 EUVD
1.12.1
EUVD ID Assigned
Apr 07, 2026 - 13:45 euvd
EUVD-2026-19637
Analysis Generated
Apr 07, 2026 - 13:45 vuln.today
CVE Published
Apr 07, 2026 - 13:06 nvd
CRITICAL 9.1

DescriptionCVE.org

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the AgentFlows component. The vulnerability arises from improper handling of user input in the loadFlow and deleteFlow methods in server/utils/agentFlows/index.js. Specifically, the combination of path.join and normalizePath allows attackers to bypass directory restrictions and access or delete arbitrary .json files on the server. This can lead to information disclosure, such as leaking sensitive configuration files containing API keys, or denial of service by deleting critical files like package.json. The issue is resolved in version 1.12.1.

AnalysisAI

Path traversal in mintplex-labs/anything-llm (versions ≤1.9.1) allows authenticated administrators to read or delete arbitrary JSON files on the server, bypassing directory restrictions in the AgentFlows component. Exploitation requires high privileges (administrator access) but achieves cross-scope impact including leaking sensitive API keys from configuration files or destroying critical package.json files. Fixed in version 1.12.1. No public exploit identified at time of analysis, though technical details are disclosed via Huntr bounty platform.

Technical ContextAI

The vulnerability resides in the AgentFlows component (server/utils/agentFlows/index.js), where the loadFlow and deleteFlow methods process user-controlled input. The flaw stems from CWE-29 (Path Traversal with '..\..filename'), where improper sanitization allows attackers to exploit the interaction between Node.js path.join() and a custom normalizePath() function. Path.join() performs platform-specific path resolution, but when combined with inadequate input validation, attackers can inject directory traversal sequences (../) to escape the intended storage directory. The normalizePath() function fails to adequately neutralize these sequences before file system operations occur. This affects the anything-llm product from mintplex-labs (CPE: cpe:2.3:a:mintplex-labs:mintplex-labs/anything-llm), specifically the AgentFlows feature which manages workflow configuration as JSON files. The vulnerability class (CWE-29) represents a classic path canonicalization failure where relative path components are not properly resolved before access control checks.

RemediationAI

Upgrade immediately to mintplex-labs/anything-llm version 1.12.1 or later, which contains the fix committed in GitHub commit 3444b9b0aa6764d72d53670ab4b1aaccdc6b7017 (https://github.com/mintplex-labs/anything-llm/commit/3444b9b0aa6764d72d53670ab4b1aaccdc6b7017). The patch implements proper input validation and sanitization in the loadFlow and deleteFlow methods to prevent directory traversal attacks. Organizations unable to immediately upgrade should implement compensating controls: restrict administrator access to the AgentFlows component through role-based access controls, implement file integrity monitoring to detect unauthorized access or deletion of JSON configuration files, and audit administrator accounts for compromise indicators. Review server logs for suspicious path traversal patterns in AgentFlows API calls (requests containing ../ or ..\ sequences). Rotate all API keys and secrets stored in configuration files if unauthorized access is suspected. For airgapped or highly controlled deployments where administrator trust is absolute, risk may be accepted temporarily, but upgrade remains the definitive remediation. Detailed vulnerability information and the security bounty report are available at https://huntr.com/bounties/597d41c5-7ea0-4786-80f4-bd536ec66374.

Share

EUVD-2026-19637 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy