The vulnerability identified as CVE-2026-32719 affects the anything-llm application developed by Mintplex-Labs, specifically versions 1.11.1 and earlier. The issue resides in the function ImportedPlugin.importCommunityItemFromUrl() located in server/utils/agents/imported.js. This function downloads ZIP archives from a community hub URL and extracts them using the AdmZip.extractAllTo() method. However, the extraction process lacks proper validation of file paths within the ZIP archive, allowing maliciously crafted ZIP files to exploit a Zip Slip path traversal vulnerability (CWE-22). By including path traversal sequences (e.g., ../) in the filenames inside the ZIP, an attacker can cause the extraction process to write files outside the intended directory, potentially overwriting critical system or application files. This can lead to arbitrary code execution (CWE-94) if the attacker places executable scripts or code in sensitive locations. The vulnerability requires the attacker to have authenticated access and to trigger the importCommunityItemFromUrl() function, implying some level of user interaction and privileges. The CVSS 3.1 base score is 4.2 (medium), reflecting network attack vector but high attack complexity and privileges required. No public exploits have been reported yet, but the risk remains significant due to the potential for code execution. The lack of patch links suggests a fix is pending or not yet publicly available.

If exploited, this vulnerability can allow an attacker to execute arbitrary code on the server hosting anything-llm by writing malicious files outside the intended extraction directory. This compromises the integrity of the system and could lead to further compromise, including data manipulation, service disruption, or pivoting to other network resources. Since anything-llm is used to provide contextual references for large language models, a compromised system could also lead to poisoning of AI outputs or leakage of sensitive data. The requirement for authentication and user interaction limits the attack surface but does not eliminate risk, especially in environments where multiple users have access or where attackers can trick legitimate users into performing the import. Organizations relying on anything-llm for AI workflows or content processing may face operational disruptions and reputational damage if exploited.

Organizations should immediately audit their usage of anything-llm and restrict access to the importCommunityItemFromUrl() functionality to trusted users only. Until a patch is available, implement manual validation of ZIP files before importing, ensuring no file paths contain traversal sequences or absolute paths. Employ sandboxing or containerization for the extraction process to limit filesystem impact. Monitor logs for suspicious import activity and unexpected file writes outside designated directories. Educate users about the risks of importing untrusted community content. Once Mintplex-Labs releases a patch, promptly update to a fixed version. Additionally, consider implementing application-level controls that enforce strict path normalization and whitelist allowed file types within ZIP archives.