Arbitrary Command Execution in AnythingLLM by Mintplex Labs
CVE-2026-48116
What is CVE-2026-48116?
The AnythingLLM application, which enhances LLM interactions by allowing content references during chats, is vulnerable to arbitrary command execution. Versions prior to 1.13.0 suffer from an issue where the filesystem-search-files agent skill improperly passes a pattern parameter to ripgrep without a proper end-of-options separator. As a result, an attacker who engages with an agent in a deployment with the filesystem plugin enabled can exploit this to execute arbitrary commands inside the AnythingLLM server container. This critical flaw can allow attackers to manipulate the server environment by running any command, compromising the security and integrity of the application. The vulnerability has been addressed in version 1.13.0.
Affected Version(s)
anything-llm < 1.13.0
