AnythingLLM Desktop is subject to a critical vulnerability where a simple chat interaction can trigger remote code execution on the user's computer without any interaction.

The vulnerability stems from a failure to escape HTML entities in the custom markdown-it image renderer and the use of dangerouslySetInnerHTML without DOMPurify sanitization. This unauthenticated XSS flaw escalates to RCE because the underlying Electron framework is insecurely configured.

This vulnerability poses a catastrophic risk to individual workstations and corporate data. An attacker can execute arbitrary commands on the host operating system simply by sending a malicious payload through the chat interface. The CVSS score of 9.6 reflects the ease of exploitation and the total compromise of the host machine.

Immediate Action: Update AnythingLLM Desktop to the latest version (post-1.11.1) immediately to apply the necessary sanitization and Electron security hardening.

Proactive Monitoring: Review endpoint security logs for suspicious process spawning from the AnythingLLM application and inspect chat history for unusual markdown or HTML tags.

Compensating Controls: Use application control software to restrict the execution of unauthorized scripts and ensure the application is run with the least privilege necessary.

Public Exploit Available: false

Immediate remediation is mandatory for all users of AnythingLLM Desktop. The transition from XSS to RCE is a critical failure point; therefore, updating to a version that implements proper DOMPurify sanitization and hardened Electron settings is the only effective way to mitigate this risk.