CVE-2026-32626: Critical XSS-to-RCE vulnerability in AnythingLLM Desktop gives attackers full system control

A CVSS 9.6 streaming-phase XSS flaw in AnythingLLM Desktop's chat renderer escalates to full remote code execution on the host OS via insecure Electron configuration.

Latest in AI Security

AI Security

New AI-driven phishing campaigns bypass multi-factor authentication

Adversaries are leveraging generative AI to dynamically craft localized lure documents that evade traditional email gateways.

Mar 15, 2026 Read More →