CVE-2026-5627: CWE-29 Path Traversal: '\..\filename' in mintplex-labs mintplex-labs/anything-llm
CVE-2026-5627 is a critical path traversal vulnerability in mintplex-labs/anything-llm versions up to 1. 9. 1 affecting the AgentFlows component. It allows attackers with high privileges to bypass directory restrictions via crafted input to loadFlow and deleteFlow methods, potentially accessing or deleting arbitrary JSON files on the server. This can lead to disclosure of sensitive data such as API keys or denial of service by removing critical files like package. json. The vulnerability is fixed in version 1. 12. 1. No official patch advisory is provided in the input, so patch status is not fully confirmed.
AI Analysis
Technical Summary
This vulnerability arises from improper input handling in the AgentFlows component of mintplex-labs/anything-llm (<=1.9.1). The combination of path.join and normalizePath functions in server/utils/agentFlows/index.js fails to prevent path traversal sequences like '\..\filename', enabling attackers to escape intended directories. This allows reading or deleting arbitrary .json files on the server, including sensitive configuration files or critical application files. The issue is resolved in version 1.12.1. The CVSS 3.0 score is 9.1, indicating critical severity with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation can lead to full disclosure of sensitive configuration files containing API keys and other secrets, as well as denial of service by deleting essential files such as package.json. This compromises confidentiality, integrity, and availability of the affected system. The vulnerability requires high privileges to exploit but can be triggered remotely over the network.
Mitigation Recommendations
The vulnerability is fixed in mintplex-labs/anything-llm version 1.12.1. Users should upgrade to this version or later to remediate the issue. Patch status is not explicitly confirmed by a vendor advisory in the provided data; therefore, verify the vendor's official channels for the latest remediation guidance. Until patched, restrict access to the affected component to trusted users with minimal privileges to reduce risk.
CVE-2026-5627: CWE-29 Path Traversal: '\..\filename' in mintplex-labs mintplex-labs/anything-llm
Description
CVE-2026-5627 is a critical path traversal vulnerability in mintplex-labs/anything-llm versions up to 1. 9. 1 affecting the AgentFlows component. It allows attackers with high privileges to bypass directory restrictions via crafted input to loadFlow and deleteFlow methods, potentially accessing or deleting arbitrary JSON files on the server. This can lead to disclosure of sensitive data such as API keys or denial of service by removing critical files like package. json. The vulnerability is fixed in version 1. 12. 1. No official patch advisory is provided in the input, so patch status is not fully confirmed.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
This vulnerability arises from improper input handling in the AgentFlows component of mintplex-labs/anything-llm (<=1.9.1). The combination of path.join and normalizePath functions in server/utils/agentFlows/index.js fails to prevent path traversal sequences like '\..\filename', enabling attackers to escape intended directories. This allows reading or deleting arbitrary .json files on the server, including sensitive configuration files or critical application files. The issue is resolved in version 1.12.1. The CVSS 3.0 score is 9.1, indicating critical severity with network attack vector, low attack complexity, high privileges required, no user interaction, and impacts on confidentiality, integrity, and availability.
Potential Impact
Successful exploitation can lead to full disclosure of sensitive configuration files containing API keys and other secrets, as well as denial of service by deleting essential files such as package.json. This compromises confidentiality, integrity, and availability of the affected system. The vulnerability requires high privileges to exploit but can be triggered remotely over the network.
Mitigation Recommendations
The vulnerability is fixed in mintplex-labs/anything-llm version 1.12.1. Users should upgrade to this version or later to remediate the issue. Patch status is not explicitly confirmed by a vendor advisory in the provided data; therefore, verify the vendor's official channels for the latest remediation guidance. Until patched, restrict access to the affected component to trusted users with minimal privileges to reduce risk.
Technical Details
- Data Version
- 5.2
- Assigner Short Name
- @huntr_ai
- Date Reserved
- 2026-04-05T18:57:42.463Z
- Cvss Version
- 3.0
- State
- PUBLISHED
- Remediation Level
- null
Threat ID: 69d50aa5aaed68159a256b40
Added to database: 4/7/2026, 1:46:13 PM
Last enriched: 4/7/2026, 2:01:09 PM
Last updated: 4/7/2026, 4:03:54 PM
Views: 8
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.