Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1310 CNY

100%
Buy Us a Coffee

CVE-2026-45403— AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory

CVSS 2.0 · Low EPSS 0.03% · P9

Affected Version Matrix 1

VendorProductVersion RangeStatus
Mintplex-Labsanything-llm< 1.13.0affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-45403

Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
AnythingLLM: filesystem-copy-file follows nested symlinks and copies files from outside the allowed directory
Source: NVD (National Vulnerability Database)
Vulnerability Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the AnythingLLM agent filesystem copy tool validates only the top-level source and destination paths. The recursive copy helper then descends into child entries using fs.stat() and copies files with fs.copyFile() without validating each child or rejecting symlinks. Because both APIs follow symlinks, a symlink nested inside an allowed source directory can point outside the allowed filesystem root and cause outside file contents to be copied into an allowed destination as a regular file. This vulnerability is fixed in 1.13.0.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
在文件访问前对链接解析不恰当(链接跟随)
Source: NVD (National Vulnerability Database)
Vulnerability Title
AnythingLLM 后置链接漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
AnythingLLM是Mintplex开源的一个一体化AI应用程序。 AnythingLLM 1.13.0之前版本存在后置链接漏洞,该漏洞源于文件系统复制工具仅验证顶级源和目标路径,递归复制助手使用fs.stat()和fs.copyFile()复制子条目而未验证每个子条目或拒绝符号链接,允许的源目录内嵌套的符号链接可指向允许的文件系统根目录之外,导致外部文件内容被复制到允许的目标目录。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
Mintplex-Labsanything-llm < 1.13.0 -

II. Public POCs for CVE-2026-45403

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-45403

登录查看更多情报信息。

Patches & Fixes for CVE-2026-45403 (1)

Vendor Advisories for CVE-2026-45403 (1)

Same Patch Batch · Mintplex-Labs · 2026-05-28 · 3 CVEs total

CVE-2026-481167.5 HIGHAnythingLLM: RCE via ripgrep --pre argument injection in filesystem-search-files agent ski
CVE-2026-477132.0 LOWAnythingLLM: Legacy mobile device tokens bypass multi-user workspace scoping after mode mi

IV. Related Vulnerabilities

Same product: anything-llm
Same vendor: Mintplex-Labs
Same weakness: CWE-59

V. Comments for CVE-2026-45403

No comments yet

Leave a comment