CVE-2026-45403
Symlink Arbitrary File Copy in AnythingLLM
Publication date: 2026-05-28
Last updated on: 2026-05-28
Assigner: GitHub, Inc.
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| anythingllm | anythingllm | all versions before 1.13.0 (1.13.0 itself is not affected) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-59 | The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource. |
AI Powered Q&A
Can you explain this vulnerability to me?
AnythingLLM versions before 1.13.0 ship a filesystem copy tool that validates only the top-level source and destination paths before starting a recursive copy. While it walks the children of the source directory it uses file APIs that follow symbolic links, and it does not re-validate each entry it encounters. A symlink planted inside an allowed source directory can therefore point at a file or directory outside the allowed filesystem root; the copy dereferences the link and writes the target's contents into the destination as an ordinary regular file. The result is that content from outside the permitted area lands in a location the tool is allowed to write, which is the CWE-59 pattern (improper link resolution before file access).
How can this vulnerability impact me?
Files from outside the intended source directory can end up copied into an allowed destination. An attacker who can create a symlink inside an allowed source directory, or who can get a user or agent to copy a directory that already contains one, can use the copy tool to pull any file readable by the AnythingLLM process into a location from which it can then be read, bypassing the tool's path restrictions and potentially exposing confidential data.
What immediate steps should I take to mitigate this vulnerability?
Upgrade AnythingLLM to version 1.13.0 or later, where the recursive copy validates the entries it encounters instead of blindly following symlinks. Until you can upgrade, limit who can invoke the filesystem copy tool, and review the directories it is allowed to read for symlinks that resolve outside the permitted root.