CVE-2026-48116 – AnythingLLM: RCE via ripgrep –pre argument injection in filesystem-search-files agent skill

CVE ID :CVE-2026-48116

Published : May 28, 2026, 10:17 p.m. | 15 minutes ago

Description :AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a — end-of-options separator. ripgrep parses any argument that starts with – as an option, so a pattern of –pre=/bin/sh turns ripgrep into a script executor: it runs /bin/sh for every file it walks. An attacker who can chat with an agent on a deployment with the filesystem plugin enabled (the default in the official Docker image) can use this, together with the sibling filesystem-write-text-file skill, to run arbitrary commands inside the AnythingLLM server container. This vulnerability is fixed in 1.13.0.

Severity: 7.5 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more… 

نوشته های مشابه

CVE-2026-9811 – Mautic Stored Cross-Site Scripting (XSS) Vulnerability

CVE-2026-9809 – Mautic Stored XSS in Projects Component

CVE-2026-9808 – Mautic Authorization Bypass

CVE-2026-9559 – Mautic Remote Code Execution via Path Traversal