Perceptive Security
SOC/SIEM Consultancy

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM D…
Published:
15 March 2026 at 23:00:00
Alert date:
16 March 2026 at 21:03:40
Source:
nvd.nist.gov
Web Technologies, Emerging Technologies
AnythingLLM Desktop versions 1.11.1 and earlier contain a critical XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution. The vulnerability occurs in the custom markdown-it image renderer, which interpolates token.content directly into HTML alt attributes without proper escaping. The PromptReply component renders this output via dangerouslySetInnerHTML without DOMPurify sanitization, unlike the secure HistoricalMessage component. The vulnerability is exploitable with default settings and requires no user interaction beyond normal chat usage, making it particularly dangerous. The insecure Electron configuration allows the XSS to escalate to full RCE on the host operating system.
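The renderer-side fix the advisory points at, shown as an added example rather than AnythingLLM's own code: a markdown-it image renderer rule in which src, alt and title are escaped before being interpolated into the tag. The token shape, the escapeHtml helper and the source allow-list are assumptions modelled on markdown-it's API, not taken from the project, so the block runs without the markdown-it package installed.

```javascript
// Added example (not AnythingLLM's code): a markdown-it style image renderer
// rule that escapes every value it interpolates into HTML attributes.
// Tokens are constructed by hand in the shape markdown-it produces for an
// "image" token, so the block runs without the markdown-it package.

// Attribute/text escaper equivalent to markdown-it's md.utils.escapeHtml.
function escapeHtml(str) {
  return String(str)
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;");
}

// Read an attribute from markdown-it's [name, value] attrs array.
function attr(token, name) {
  const pair = (token.attrs || []).find((a) => a[0] === name);
  return pair ? pair[1] : "";
}

// Allow only http(s) and data:image sources; everything else renders as empty.
function safeImageSrc(src) {
  return /^(https?:\/\/|data:image\/)/i.test(src) ? src : "";
}

// Renderer rule with the markdown-it signature (tokens, idx, options, env, self).
// The unsafe pattern the advisory describes interpolates token.content raw into
// alt="..."; here src, alt and title all pass through escapeHtml first.
function renderImageSafe(tokens, idx /*, options, env, self */) {
  const token = tokens[idx];
  let html = `<img src="${escapeHtml(safeImageSrc(attr(token, "src")))}"`;
  html += ` alt="${escapeHtml(token.content)}"`;
  const title = attr(token, "title");
  if (title) html += ` title="${escapeHtml(title)}"`;
  return html + ">";
}

// Constructed sample tokens: alt text containing quote and angle-bracket
// characters, and one image with a non-http source that must be dropped.
const SAMPLE_TOKENS = [
  { type: "image", tag: "img", attrs: [["src", "https://example.test/a.png"]],
    content: 'photo "of" <cats>' },
  { type: "image", tag: "img", attrs: [["src", "relative/b.png"], ["title", "b & c"]],
    content: "plain" },
];

function renderAll(tokens) {
  return tokens.map((_, i) => renderImageSafe(tokens, i));
}

console.log(renderAll(SAMPLE_TOKENS).join("\n"));
```

Escaping at the renderer is the first layer only; the resulting HTML should still pass through DOMPurify before any dangerouslySetInnerHTML call, as the advisory notes the HistoricalMessage component already does.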
Technical details:
Mitigation steps:
Affected products:
AnythingLLM Desktop
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2026-32626
https://github.com/Mintplex-Labs/anything-llm/commit/9e2d144dc8be6fab29f560f5bcdaa9ef7dbb4214
https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-rrmw-2j6x-4mf2
Related CVEs:
Related threat actors:
IOCs:
This article was created with the assistance of AI technology by Perceptive.
