CVE ID :CVE-2026-32719 Published : March 13, 2026, 9:25 p.m. | 49 minutes ago Description :AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, The ImportedPlugin.importCommunityItemFromUrl() function in server/utils/agents/imported.js downloads a ZIP file from a community hub URL and extracts it using AdmZip.extractAllTo() without validating file paths within the archive. This enables a Zip Slip path traversal attack that can lead to arbitrary code execution. Severity: 0.0 | NA Visit the link for more details, such as CVSS details, affected products, timeline, and more...