What is CVE-2026-5627?

CVE-2026-5627 is a critical-severity vulnerability in Mintplex-labs Mintplex-labs/anything-llm, classified under CWE-29. CVSS score: 9.1/10. Published 2026-04-07.

How severe is CVE-2026-5627?

Critical severity. CVSS v3 base score is 9.1 out of 10.

Vulnerability in Mintplex-labs Mintplex-labs/anything-llm

CVE-2026-5627

A path traversal vulnerability exists in mintplex-labs/anything-llm versions up to and including 1.9.1, within the `AgentFlows` component. The vulnerability arises from improper handling of user input in the `loadFlow` and `deleteFlow` met…

EPSS: 0.001 (19.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.1 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H.

Affected products

Mintplex-labs Mintplex-labs/anything-llm — versions unspecified

Weakness classification (CWE)

CWE-29

References

huntr.com/bounties/597d41c5-7ea0-4786-80f4-bd536ec66374
github.com/mintplex-labs/anything-llm/commit/3444b9b0aa6764d72d53670ab4b1aaccdc…

Frequently asked questions

What is CVE-2026-5627?: CVE-2026-5627 is a critical-severity vulnerability in Mintplex-labs Mintplex-labs/anything-llm, classified under CWE-29. CVSS score: 9.1/10. Published 2026-04-07.
How severe is CVE-2026-5627?: Critical severity. CVSS v3 base score is 9.1 out of 10.