CVE-2026-48116 is a high-severity command injection vulnerability in AnythingLLM, an application that converts content into contextual references for LLM chat interactions. The vulnerability exists in versions prior to 1.13.0 and stems from improper handling of user-controlled input passed to the ripgrep utility. The filesystem-search-files agent skill passes an LLM-controlled pattern parameter directly t [truncated]
## Summary CVE-2026-47713 is an authorization bypass vulnerability in AnythingLLM affecting versions prior to 1.13.0. The flaw stems from improper handling of mobile device tokens during a single-user to multi-user mode migration, allowing stale tokens to persist and grant unscoped data access in multi-user environments. ## Technical Details The vulnerability exists in the mobile authentication middleware [truncated]
CVE-2026-45403 is a low-severity (CVSS 2.0) symlink-following vulnerability in AnythingLLM prior to version 1.13.0. The agent filesystem copy tool validates only top-level source and destination paths, but the recursive copy helper uses fs.stat() and fs.copyFile() without validating child entries or rejecting symlinks. Because both Node.js APIs follow symlinks, a nested symlink inside an allowed source di [truncated]
An insecure direct object reference (IDOR) vulnerability in AnythingLLM prior to version 1.12.1 allows authenticated users to access other users' private chat responses via the text-to-speech (TTS) endpoint. The GET /api/workspace/:slug/tts/:chatId route validates workspace membership but fails to verify ownership of the targeted chat row, enabling unauthorized audio retrieval of private assistant respons [truncated]