CVE-2026-48116Mintplexlabs · Anythingllm
Vulnerability data via NVD (ingested)
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a -- end-of-options separator. ripgrep parses any argument that starts with - as an option, so a pattern of --pre=/bin/sh turns ripgrep into a script executor: it runs /bin/sh <file> for every file it walks. An attacker who can chat with an agent on a deployment with the filesystem plugin enabled (the default in the official Docker image) can use this, together with the sibling filesystem-write-text-file skill, to run arbitrary commands inside the AnythingLLM server container. This vulnerability is fixed in 1.13.0.
External references
Search for exposed instances
Shodan + Censys queries derived from NVD's CPE data. The vuln tag catches assets Shodan has explicitly linked to this CVE; the product / banner fingerprints find exposed instances even when the vuln tag was never applied (which is common).
vuln:CVE-2026-48116product:"Mintplexlabs Anythingllm"http.html:"Anythingllm"More intel sources (5)
vuln:CVE-2026-48116vulnerabilities.cve_id: CVE-2026-48116CVE-2026-48116CVE-2026-48116"CVE-2026-48116" exploit -site:nvd.nist.gov