CVE-2026-48116 | Mintplex-Labs anything-llm up to 1.12.x command injection (GHSA-6hrp-7mw6-8v59)
ID: 11c4830c-089b-5539-b6b0-00c90a0ed5a3
STIX ID: report--11c4830c-089b-5539-b6b0-00c90a0ed5a3
Feed Name: VulDB Recent Entries
Threat Score
A critical command-injection vulnerability (CVE-2026-48116) in Mintplex-Labs anything-llm versions up to 1.12.x allows an attacker who can interact with an agent (with the filesystem plugin enabled) to craft a ripgrep pattern that results in arbitrary command execution inside the server container; the issue is fixed in 1.13.0 and upgrading is recommended.
Your team is not currently subscribed to this feed. You must subscribe to it in order to see this post.