VYPR
Medium severity5.4NVD Advisory· Published Apr 24, 2026· Updated Apr 27, 2026

CVE-2026-41318

CVE-2026-41318

Description

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to version 1.12.1, AnythingLLM's in-chat markdown renderer has an unsafe custom rule for images that interpolates the markdown image's alt text into an HTML alt="..." attribute without any HTML encoding. Every call-site in the app wraps renderMarkdown(...) with DOMPurify.sanitize(...) as defense-in-depth — except the Chartable component, which renders chart captions with no sanitization. The chart caption is the natural-language text the LLM emits around a create-chart tool call, so any attacker who can influence the LLM's output — most cheaply via indirect prompt injection in a shared workspace document, or directly if they can create a chart record in a multi-user workspace — can trigger stored DOM-level XSS in every other user's browser when they open that conversation. AnythingLLM chat history is loaded server-side via GET /api/workspace/:slug/chats and rendered directly into the chat UI. Version 1.12.1 contains a patch for this issue.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:mintplexlabs:anythingllm:*:*:*:*:*:*:*:*range: <1.12.1
    • (no CPE)range: <=1.12.1

Patches

Vulnerability mechanics

References

2

News mentions

0

No linked articles in our index yet.