CVE-2026-45403 | AnythingLLM is an application that turns pieces of content i… | CVSS 2.0 LOW

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child entries using fs.stat() and copies files with fs.copyFile() without validating each child or rejecting symlinks. Because both APIs follow symlinks, a symlink nested inside an allowed source directory can point outside the allowed filesystem root and cause outside file contents to be copied into an allowed destination as a regular file. This vulnerability is fixed in 1.13.0.

Metadata

CVE ID: CVE-2026-45403
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-05-12 01:48 UTC
Published: 2026-05-28 21:18 UTC
Last updated: 2026-05-29 19:06 UTC
Primary CWE: CWE-59
CWE-59: Improper Link Resolution Before File Access ('Link F…
Vendor / Product: Mintplex-Labs / anything-llm
Sources: cve.org · NVD

Severity & Metrics

2.0 LOW CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: no
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Mintplex-Labs	anything-llm	—	< 1.13.0

Weakness (CWE)

CWE	Source	Description
CWE-59	cna	CWE-59: Improper Link Resolution Before File Access ('Link Following')

CVSS scores (1)

Score	Severity	Version	Source	Vector
2.0	LOW	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N

References (2)

https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-vjrp-43mm-j7vw https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-vjrp-43mm-j7vw
https://github.com/Mintplex-Labs/anything-llm/commit/21ce03087145a4261c1de03b056fba639f699c09 https://github.com/Mintplex-Labs/anything-llm/commit/21ce03087145a4261c1de03b056fba639f699c09