Unrated severityNVD Advisory· Published Mar 18, 2026· Updated Mar 18, 2026
LibreChat RAG API Authentication Bypass
CVE-2025-41258
Description
LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1News mentions
0No linked articles in our index yet.