CVE-2026-48116
Published: 28 May 2026
Summary
CVE-2026-48116 is a high-severity Command Injection (CWE-77) vulnerability. Its CVSS base score is 7.5 (High).
Operationally, ranked at the 15.1th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.
This vulnerability is AI-related — categorised as Other AI Platforms.
Deeper analysisAI
Automated synthesis unavailable for this CVE.
Vulnerability
AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, the filesystem-search-files agent skill passes its LLM-controlled pattern parameter to ripgrep as a positional argument without a…
more
-- end-of-options separator. ripgrep parses any argument that starts with - as an option, so a pattern of --pre=/bin/sh turns ripgrep into a script executor: it runs /bin/sh <file> for every file it walks. An attacker who can chat with an agent on a deployment with the filesystem plugin enabled (the default in the official Docker image) can use this, together with the sibling filesystem-write-text-file skill, to run arbitrary commands inside the AnythingLLM server container. This vulnerability is fixed in 1.13.0.
- CWE(s)
- OWASP Top 10 Web 2025
Threat picture
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Defense & controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
AI Security AnalysisAI
- AI Category
- Other AI Platforms
- Risk Domain
- N/A
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: llm, llm