CVE-2026-5627 | mintplex-labs anything-llm up to 1.12.0 AgentFlows index.js loadFlow/deleteFlow path traversal

Inserito da Angelo Barbosa | Apr 7, 2026 | CVE

A vulnerability categorized as problematic has been discovered in mintplex-labs anything-llm up to 1.12.0. This affects the function loadFlow/deleteFlow of the file server/utils/agentFlows/index.js of the component AgentFlows. Such manipulation leads to path traversal: ‘..filename’.

This vulnerability is listed as CVE-2026-5627. The attack may be performed from remote. There is no available exploit.

It is advisable to upgrade the affected component.

CVE-2026-5627 | mintplex-labs anything-llm up to 1.12.0 AgentFlows index.js loadFlow/deleteFlow path traversal

Post correlati

CVE-2024-22408 | Shopware up to 6.5.7.3 Flow Builder server-side request forgery (GHSA-3535-m8vh-vrmw)

CVE-2024-45740 | Splunk Enterprise/Cloud Platform up to 9.1.5/9.2.2 cross site scripting (SVD-2024-1010)

CVE-2024-54500 | Apple iPadOS Image memory corruption

CVE-2024-27459 | OpenVPN up to 2.6.9 Data stack-based overflow