CVE-2026-32719 is a path traversal vulnerability categorized under CWE-22 and CWE-94 affecting the Mintplex-Labs anything-llm application, specifically versions 1.11.1 and earlier. The vulnerability arises in the ImportedPlugin.importCommunityItemFromUrl() function located in server/utils/agents/imported.js, which downloads ZIP files from a community hub URL and extracts them using the AdmZip.extractAllTo() method. The extraction process lacks validation of file paths within the ZIP archive, enabling a Zip Slip attack. This attack allows an adversary to craft a malicious ZIP file containing file paths that traverse directories (e.g., using ../ sequences), resulting in files being written outside the intended extraction directory. Such unauthorized file writes can lead to arbitrary code execution if the attacker places malicious scripts or executables in sensitive locations. The vulnerability requires the attacker to have authenticated access and user interaction to trigger the import function. The CVSS v3.1 base score is 4.2, reflecting a medium severity due to the need for privileges and user action, and the impact primarily affects integrity without compromising confidentiality or availability. No public exploits are known at this time, but the risk remains significant given the potential for code execution. The vulnerability highlights the importance of validating archive contents before extraction and restricting file writes to intended directories to prevent path traversal attacks.

The primary impact of CVE-2026-32719 is the potential for arbitrary code execution on systems running vulnerable versions of anything-llm. Successful exploitation can allow attackers to overwrite or create files outside the designated plugin directory, potentially injecting malicious code that executes with the privileges of the application. This can lead to compromise of the host system, unauthorized modification of application behavior, and persistence mechanisms for attackers. Organizations relying on anything-llm for AI content referencing may face integrity breaches, undermining trust in the system's outputs. Although the vulnerability does not directly affect confidentiality or availability, the ability to execute arbitrary code elevates the risk profile. The requirement for authenticated access and user interaction limits the attack surface but does not eliminate the threat, especially in environments with multiple users or automated workflows. The absence of known exploits in the wild reduces immediate risk but does not preclude future attacks. Overall, the vulnerability can disrupt AI service integrity and potentially serve as a foothold for broader network compromise.

To mitigate CVE-2026-32719, organizations should implement strict validation and sanitization of file paths within ZIP archives before extraction. This includes rejecting or neutralizing any file paths containing directory traversal sequences such as '../' or absolute paths. Developers should update the anything-llm application to versions beyond 1.11.1 once patches are released by Mintplex-Labs. Until patches are available, consider disabling the importCommunityItemFromUrl() function or restricting its use to trusted users and sources. Employ application-level sandboxing or containerization to limit the impact of potential code execution. Monitor logs for unusual file extraction activities or unexpected file creations outside designated directories. Conduct regular code reviews and security testing focusing on archive handling functions. Additionally, enforce the principle of least privilege for the application process to minimize damage from exploitation. Educate users about the risks of importing untrusted plugins or community items. Finally, maintain an incident response plan to quickly address any signs of compromise related to this vulnerability.