What happened
The document folder listing route in AnythingLLM on Windows accepts an encoded absolute path parameter that, after URL decoding and shared path normalization, resolves outside the intended documents directory. Authenticated users can enumerate arbitrary filesystem paths on the Windows host.
Why it matters
AnythingLLM is a self-hosted RAG application that turns documents into LLM context. Filesystem enumeration by an authenticated user can reveal sensitive files accessible to the AnythingLLM process, including configuration files containing API keys and database credentials used by the AI deployment.
Attack vector
An authenticated attacker sends a document folder listing request whose path parameter is an encoded absolute Windows path; after decoding and normalization it resolves outside the intended documents directory, and the response returns a listing of that arbitrary filesystem location.
Affected systems
AnythingLLM < 1.13.0 (Windows only)
Mitigation
Upgrade to AnythingLLM 1.13.0. Advisory: https://github.com/Mintplex-Labs/anything-llm/security/advisories/GHSA-j4m9-wwcq-m868