PT-2026-25378 · Mintplex+2 · Anything-Llm
Jackfromeast +1
Published: 2026-03-13 · Updated: 2026-03-22
CVE-2026-32626 · CVSS v3.1: 9.6 Critical · AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: AnythingLLM versions 1.11.1 and earlier
Description: AnythingLLM is an application designed to enhance Large Language Models (LLMs) by providing contextual information from content. A streaming-phase Cross-Site Scripting (XSS) issue exists in the chat rendering pipeline and can potentially lead to Remote Code Execution (RCE) on the host operating system, because the application runs with an insecure Electron configuration: nodeIntegration: true combined with contextIsolation: false. The vulnerability arises in the custom markdown-it image renderer in frontend/src/utils/chat/markdown.js, which interpolates token content directly into the alt attribute without HTML entity escaping. The PromptReply component then renders this output with dangerouslySetInnerHTML and no DOMPurify sanitization, unlike the HistoricalMessage component, which correctly applies DOMPurify.sanitize(). An attacker who can influence the content the LLM generates, for example through poisoned Retrieval-Augmented Generation (RAG) documents or a compromised LLM endpoint, can exploit this to achieve full host compromise.
Recommendations: Update to version 1.11.2 or later.
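The root cause above is an attribute interpolation without escaping. The following is an added illustration, not AnythingLLM's own code: a hardened markdown-it style image renderer that escapes alt and src before building the tag, beside the unescaped pattern, plus a shape check a test suite could use. The token shape (attrGet, content) mirrors markdown-it's; in a real renderer md.utils.escapeHtml does the same job as the escapeAttr helper here.

```javascript
// Escape a value for safe use inside a double-quoted HTML attribute.
// Quotes are the critical character: an unescaped quote ends the attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Unescaped pattern (the class of defect described in the advisory):
// token content is dropped straight into the attribute.
function renderImageUnsafe(token) {
  return `<img src="${token.attrGet('src') || ''}" alt="${token.content || ''}" />`;
}

// Hardened renderer: every interpolated value goes through escapeAttr.
function renderImageSafe(token) {
  const src = escapeAttr(token.attrGet('src') || '');
  const alt = escapeAttr(token.content || '');
  return `<img src="${src}" alt="${alt}" />`;
}

// Minimal stand-in for a markdown-it image token (constructed sample data,
// not a real markdown-it object).
function makeImageToken(src, alt) {
  const attrs = { src };
  return { attrGet: (name) => (name in attrs ? attrs[name] : null), content: alt };
}

// True only if the output still has exactly the shape the renderer intended:
// two quoted attributes and nothing else. Alt text that closed the attribute
// early would break this shape.
function hasIntendedShape(html) {
  return /^<img src="[^"]*" alt="[^"]*" \/>$/.test(html);
}
```

A unit test on hasIntendedShape with alt text containing a double quote is a cheap regression guard for this renderer.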

Exploit · Fix · XSS

Weakness Enumeration

Related Identifiers: CVE-2026-32626, GHSA-RRMW-2J6X-4MF2

Affected Products: Anything-Llm