CNNVD-202601-4428 Information

CNNVD ID

CNNVD-202601-4428

Related CVE

CVE-2026-24478

• CNNVD Published: 2026-01-27

Description (Chinese)

AnythingLLM是Mintplex开源的一个一体化AI应用程序。 AnythingLLM 1.10.0之前版本存在路径遍历漏洞，该漏洞源于DrupalWiki集成存在路径遍历，可能导致远程代码执行。

Description (English)

Anything LLM is an integrated AI application from Mintplex open source. The previous version of AnythingLM 1.10.0 has a loophole in the path, which stems from the DrupalWiki integration path, which may lead to remote code execution.

Hazard Level

Medium

Vulnerability Type

路径遍历

Affected Vendor

Mintplex

Published

2026-01-27

Last Modified

2026-02-24

References

https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-jp2f-99h9-7vjv

Patch

https://github.com/Mintplex-Labs/anything-llm/releases