CVE-2026-32626
Awaiting Analysis Awaiting Analysis - Queue
Streaming Phase XSS in AnythingLLM Desktop Enables Remote Code Execution

Publication date: 2026-03-16

Last updated on: 2026-03-16

Assigner: GitHub, Inc.

Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, AnythingLLM Desktop contains a Streaming Phase XSS vulnerability in the chat rendering pipeline that escalates to Remote Code Execution on the host OS due to insecure Electron configuration. This works with default settings and requires no user interaction beyond normal chat usage. The custom markdown-it image renderer in frontend/src/utils/chat/markdown.js interpolates token.content directly into the alt attribute without HTML entity escaping. The PromptReply component renders this output via dangerouslySetInnerHTML without DOMPurify sanitization β€” unlike HistoricalMessage which correctly applies DOMPurify.sanitize().
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32626
EUVD
EUVD-2026-12105
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mintplexlabs anythingllm to 1.11.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The vulnerability exists in AnythingLLM Desktop version 1.11.1 and earlier. It is a Streaming Phase Cross-Site Scripting (XSS) vulnerability in the chat rendering pipeline. Specifically, the application uses a custom markdown-it image renderer that inserts user content directly into the alt attribute of an image tag without escaping HTML entities. This content is then rendered using dangerouslySetInnerHTML without proper sanitization, allowing malicious scripts to be executed.

Because of insecure Electron configuration, this XSS vulnerability escalates to Remote Code Execution (RCE) on the host operating system. The exploit works with default settings and requires no special user interaction beyond normal chat usage.

Impact Analysis

This vulnerability can have severe impacts because it allows an attacker to execute arbitrary code remotely on the host operating system where AnythingLLM Desktop is running.

  • An attacker could take full control of the affected system.
  • Sensitive data on the host machine could be accessed or modified.
  • The system could be used as a foothold for further attacks within a network.
  • The integrity, confidentiality, and availability of the system could be compromised.
Compliance Impact

I don't know

Detection Guidance

I don't know

Mitigation Strategies

To mitigate this vulnerability, you should update AnythingLLM Desktop to a version later than 1.11.1 where the Streaming Phase XSS vulnerability is fixed.

Additionally, avoid using the vulnerable versions with default Electron settings, and ensure that any HTML content rendered in the chat pipeline is properly sanitized, for example by applying DOMPurify.sanitize() to user-generated content before rendering.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32626. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart