CVE-2026-32719
Awaiting Analysis Awaiting Analysis - Queue
Zip Slip Path Traversal in AnythingLLM Allows Remote Code Execution

Publication date: 2026-03-16

Last updated on: 2026-03-16

Assigner: GitHub, Inc.

Description
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-16
Last Modified
2026-03-16
Generated
2026-06-16
AI Q&A
2026-03-16
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32719
EUVD
EUVD-2026-12177
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
mintplexlabs anythingllm to 1.11.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

[{'type': 'paragraph', 'content': 'CVE-2026-32719 is a Zip Slip path traversal vulnerability in the AnythingLLM application, specifically in the ImportedPlugin.importCommunityItemFromUrl() function. This function downloads a ZIP file from a community hub URL and extracts it without validating the file paths inside the archive. Because of this lack of validation, a malicious ZIP file can contain path traversal sequences (like "../../") that cause files to be extracted outside the intended directory.'}, {'type': 'paragraph', 'content': "This vulnerability allows an attacker with admin privileges to import a crafted ZIP archive that can overwrite arbitrary files on the server filesystem. Since the system loads and executes plugins, this can lead to arbitrary code execution with the server's privileges."}] [1]

Impact Analysis

[{'type': 'paragraph', 'content': 'If exploited, this vulnerability can allow an attacker with administrative access to execute arbitrary code on the server running AnythingLLM. This happens because the attacker can craft a malicious ZIP file that, when imported, overwrites files outside the intended plugin directory.'}, {'type': 'paragraph', 'content': "The impact includes potential unauthorized modification of server files, leading to compromise of the server environment, possible data integrity issues, and execution of malicious code with the server's privileges."}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability involves the import of malicious ZIP files containing path traversal sequences that can overwrite arbitrary files on the system. Detection involves monitoring for suspicious ZIP file imports from the community hub, especially those containing path traversal entries like "../".'}, {'type': 'paragraph', 'content': 'You can inspect ZIP files before extraction to detect path traversal entries by listing their contents and checking for suspicious paths.'}, {'type': 'list_item', 'content': 'Use a command like `unzip -l suspicious.zip` to list the contents of a ZIP file and look for entries with "../" or absolute paths.'}, {'type': 'list_item', 'content': 'On the server, monitor logs or audit plugin import actions to detect when ZIP files are downloaded and extracted from the community hub.'}, {'type': 'list_item', 'content': 'Check for unexpected file modifications outside the intended plugin directory, which may indicate exploitation.'}] [1]

Mitigation Strategies

[{'type': 'paragraph', 'content': 'Immediate mitigation steps include preventing the extraction of ZIP files containing path traversal entries and restricting plugin imports.'}, {'type': 'list_item', 'content': 'Validate all ZIP entry paths before extraction to ensure they do not contain path traversal sequences like "../" and that they remain within the intended plugin directory.'}, {'type': 'list_item', 'content': 'Restrict or disable the ability for administrators to import plugins from untrusted or unverified community hub URLs.'}, {'type': 'list_item', 'content': 'Implement or enforce Server-Side Request Forgery (SSRF) protections to validate download URLs.'}, {'type': 'list_item', 'content': 'Upgrade to patched versions of AnythingLLM newer than 1.11.1 where this vulnerability is fixed.'}, {'type': 'list_item', 'content': 'Consider sandboxing the execution environment of imported plugins to limit potential damage from malicious code.'}] [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32719. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart