PT-2026-34844 · Unknown · Anything-Llm
Author: Sajdakabir (+1)
Published: 2026-04-24 · Updated: 2026-04-25
CVE-2026-41318
CVSS v3.1: 5.4 (Medium)
Vector: AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Name of the Vulnerable Software and Affected Versions: AnythingLLM versions prior to 1.12.1

Description: The in-chat markdown renderer contains an unsafe custom rule for images that interpolates the markdown image alt text into an HTML alt attribute without HTML encoding. Most call sites pass the rendered output through DOMPurify.sanitize() for defense in depth, but the Chartable component renders chart captions without sanitization. An attacker capable of influencing the LLM output, for example through indirect prompt injection in a shared workspace document or by creating a chart record in a multi-user workspace, can trigger stored DOM-level Cross-Site Scripting (XSS), a vulnerability that allows execution of malicious scripts in a user's browser. The chat history is loaded via the 'GET /api/workspace/:slug/chats' endpoint and rendered in the UI.

Recommendations: Update to version 1.12.1.
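The root cause described above is output encoding, not sanitization: if alt text is attribute-encoded at the point where the image rule builds its HTML, the Chartable path that skips DOMPurify is covered as well. The following is an added illustration, not AnythingLLM's renderer or its fix; the function names, the minimal `![alt](src)` parser, the allowed `src` schemes and the sample caption are all constructed for this example.

```javascript
// Added example (not AnythingLLM's code): encode markdown image alt text
// before it is interpolated into an HTML attribute. All names are assumed.

// Encode the characters that can terminate or alter an HTML attribute value.
function escapeHtmlAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Vulnerable pattern (the class of bug the advisory describes): the alt text
// is dropped into the attribute verbatim, so a double quote inside it closes
// the attribute early and whatever follows becomes markup.
function renderImageUnsafe(src, alt) {
  return `<img src="${src}" alt="${alt}">`;
}

// Hardened pattern: every interpolated value is attribute-encoded, and src is
// restricted to schemes expected for chat images (an assumed policy).
function renderImageSafe(src, alt) {
  const safeSrc = /^(https?:|data:image\/)/i.test(src) ? src : '';
  return `<img src="${escapeHtmlAttr(safeSrc)}" alt="${escapeHtmlAttr(alt)}">`;
}

// Minimal parser for a single markdown image line: ![alt](src). Constructed
// for the example; a real markdown engine handles far more syntax.
function parseMarkdownImage(line) {
  const m = /^!\[([^\]]*)\]\(([^)\s]+)\)$/.exec(line.trim());
  return m ? { alt: m[1], src: m[2] } : null;
}

// Defender-side check usable in a unit test: a well-formed
// <img src="..." alt="..."> contains exactly four double quotes. Any extra
// quote means the caption broke out of its attribute.
function attributeBoundaryIntact(html) {
  return (html.match(/"/g) || []).length === 4;
}

// Render a parsed image with the safe rule, or nothing if the line is not an image.
function renderMarkdownImageLine(line) {
  const img = parseMarkdownImage(line);
  return img ? renderImageSafe(img.src, img.alt) : '';
}

// Usage with a constructed caption containing quotes and angle brackets.
const sampleLine = '![Quarterly "revenue" <chart>](https://example.invalid/chart.png)';
const parsed = parseMarkdownImage(sampleLine);
console.log('unsafe :', renderImageUnsafe(parsed.src, parsed.alt));
console.log('safe   :', renderImageSafe(parsed.src, parsed.alt));
console.log('unsafe boundary intact?', attributeBoundaryIntact(renderImageUnsafe(parsed.src, parsed.alt)));
console.log('safe boundary intact?  ', attributeBoundaryIntact(renderImageSafe(parsed.src, parsed.alt)));
```

The quote-count check is a cheap regression test for the attribute-breakout class of bug: run it over captions containing `"`, `<` and `&` in the renderer's unit tests, and it fails the moment anyone reintroduces raw interpolation. Keeping DOMPurify at the call sites remains worthwhile, but encoding at the source means no single component that forgets to sanitize turns a caption into markup.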

Tags: Exploit · Fix · XSS · Improper Encoding or Escaping of Output


Weakness Enumeration
Related Identifiers: CVE-2026-41318
Affected Products: Anything-Llm