top of page
perceptive_background_267k.jpg

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical …

Published:

26 januari 2026 om 23:00:00

Alert date:

27 januari 2026 om 15:03:42

Source:

nvd.nist.gov

Click to open the original link from this advisory

Web Technologies, Emerging Technologies

CVE-2026-24478 is a critical Path Traversal vulnerability in AnythingLLM's DrupalWiki integration prior to version 1.10.0. The vulnerability allows a malicious admin or attacker to write arbitrary files to the server through a malicious DrupalWiki URL configuration. This can lead to Remote Code Execution by overwriting configuration files or writing executable scripts. The issue affects the application's ability to turn content into context for LLM references during chatting. Version 1.10.0 contains the fix for this vulnerability.

Technical details

Mitigation steps:

Affected products:

AnythingLLM

Related links:

https://nvd.nist.gov/vuln/detail/CVE-2026-24478
https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-jp2f-99h9-7vjv

Related CVE's:

Related threat actors:

IOC's:

This article was created with the assistance of AI technology by Perceptive.

About us

© 2025 by Perceptive Security. All rights reserved.

email: info@perceptivesecurity.com

Deze website toont informatie afkomstig van externe bronnen; Perceptive aanvaardt geen verantwoordelijkheid voor de juistheid, volledigheid of actualiteit van deze informatie.

bottom of page