{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-11T15:38:33.461","vulnerabilities":[{"cve":{"id":"CVE-2026-24478","sourceIdentifier":"security-advisories@github.com","published":"2026-01-27T00:15:51.297","lastModified":"2026-01-28T15:52:39.977","vulnStatus":"Analyzed","cveTags":[],"descriptions":[{"lang":"en","value":"AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.10.0, a critical Path Traversal vulnerability in the DrupalWiki integration allows a malicious admin (or an attacker who can convince an admin to configure a malicious DrupalWiki URL) to write arbitrary files to the server. This can lead to Remote Code Execution (RCE) by overwriting configuration files or writing executable scripts. Version 1.10.0 fixes the issue."},{"lang":"es","value":"AnythingLLM es una aplicación que convierte piezas de contenido en contexto que cualquier LLM puede usar como referencias durante el chat. Antes de la versión 1.10.0, una vulnerabilidad crítica de salto de ruta en la integración de DrupalWiki permite a un administrador malicioso (o un atacante que pueda convencer a un administrador para que configure una URL maliciosa de DrupalWiki) escribir archivos arbitrarios en el servidor. Esto puede conducir a la ejecución remota de código (RCE) sobrescribiendo archivos de configuración o escribiendo scripts ejecutables. La versión 1.10.0 soluciona el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H","baseScore":7.2,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.2,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*","versionEndExcluding":"1.10.0","matchCriteriaId":"8DEA04F2-1EE6-4943-B989-76CB56A33BC2"}]}]}],"references":[{"url":"https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-jp2f-99h9-7vjv","source":"security-advisories@github.com","tags":["Exploit","Vendor Advisory"]}]}}]}