Unrated severityOSV Advisory· Published Jan 12, 2026· Updated Jan 12, 2026
LibreChat MCP Stdio Remote Command Execution
CVE-2026-22252
Description
LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- osv-coords3 versions
< 0.8.01-r5+ 2 more
- (no CPE)range: < 0.8.01-r5
- (no CPE)range: < 0.8.01-r5
- (no CPE)range: < 0.8.01-r5
Patches
Vulnerability mechanics
References
2- github.com/danny-avila/LibreChat/commit/211b39f3113d4e6ecab84be0a83f4e9c9dea127fmitrex_refsource_MISC
- github.com/danny-avila/LibreChat/security/advisories/GHSA-cxhj-j78r-p88fmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.