Unrated severityNVD Advisory· Published Mar 13, 2026· Updated Mar 16, 2026
LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos
CVE-2026-31949
Description
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler attempts to destructure req.body.arg without validating that it exists. The server crashes due to an unhandled TypeError that bypasses Express error handling middleware and triggers process.exit(1). This vulnerability is fixed in 0.8.3-rc1.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2Patches
Vulnerability mechanics
References
1- github.com/danny-avila/LibreChat/security/advisories/GHSA-5m32-chq6-232pmitrex_refsource_CONFIRM
News mentions
0No linked articles in our index yet.