mintplexlabs
AI / ML | commercial
Latest CVEs
The 15 most recently published vulnerabilities affecting mintplexlabs.
- CVE-2026-47713 | AnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode migration | 2.0
- CVE-2026-48116 | AnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent skill | 7.5
- CVE-2026-45403 | AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory | 2.0
- CVE-2026-42456 | AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR) | 4.3
- CVE-2026-41318 | AnythingLLM vulnerable to stored DOM XSS in chart caption renderer - LLM-driven prompt injection produces executable HTML via unsanitized renderMarkdown(content.caption) in Chartable component | 5.4
- CVE-2026-5627 | Path Traversal in mintplex-labs/anything-llm | 7.2
- CVE-2026-32719 | AnythingLLM has a Zip Slip Path Traversal and Code Execution via Community Hub Plugin Import | 4.2
- CVE-2026-32717 | AnythingLLM access control bypass: suspended users can continue using Browser Extension API keys | 2.7
- CVE-2026-32715 | AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences | 3.8
- CVE-2026-32628 | AnythingLLM has SQL Injection in Built-in SQL Agent Plugin via Unsanitized table_name Parameter | 8.8
- CVE-2026-32626 | AnythingLLM has a Streaming Phase XSS to RCE via LLM Response Injection | 9.6
- CVE-2026-32617 | AnythingLLM Permissable CORS policy | 7.1
- CVE-2026-24478 | AnythingLLM vulnerable to Path Traversal | 7.2
- CVE-2026-24477 | AnythingLLM has key leak in `systemSettings.js` | 7.5
- CVE-2026-21484 | AnythingLLM Vulnerable to Username Enumeration w/ Password Recovery | 5.3