VYPR
Unrated severityNVD Advisory· Published Mar 18, 2026· Updated Mar 18, 2026

LibreChat RAG API Authentication Bypass

CVE-2025-41258

Description

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Librechat/Librechatllm-fuzzy2 versions
    = 0.8.1-rc2+ 1 more
    • (no CPE)range: = 0.8.1-rc2
    • (no CPE)range: 0.8.1-rc2

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.