Skip to main content

Mintplex Labs Anything Llm

1 CVEs product

Monthly

CVE-2026-5627 HIGH PATCH This Week

Path traversal in mintplex-labs/anything-llm (versions ≤1.9.1) allows authenticated administrators to read or delete arbitrary JSON files on the server, bypassing directory restrictions in the AgentFlows component. Exploitation requires high privileges (administrator access) but achieves cross-scope impact including leaking sensitive API keys from configuration files or destroying critical package.json files. Fixed in version 1.12.1. No public exploit identified at time of analysis, though technical details are disclosed via Huntr bounty platform.

Path Traversal Information Disclosure Denial Of Service Mintplex Labs Anything Llm
NVD GitHub
CVSS 3.1
7.2
EPSS
0.0%
EPSS 0% CVSS 7.2
HIGH PATCH This Week

Path traversal in mintplex-labs/anything-llm (versions ≤1.9.1) allows authenticated administrators to read or delete arbitrary JSON files on the server, bypassing directory restrictions in the AgentFlows component. Exploitation requires high privileges (administrator access) but achieves cross-scope impact including leaking sensitive API keys from configuration files or destroying critical package.json files. Fixed in version 1.12.1. No public exploit identified at time of analysis, though technical details are disclosed via Huntr bounty platform.

Path Traversal Information Disclosure Denial Of Service +1
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy