VYPR
Medium severity6.3NVD Advisory· Published Apr 7, 2026· Updated Apr 14, 2026

CVE-2026-34371

CVE-2026-34371

Description

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (for example, ../../../../../app/client/dist/poc.txt) is concatenated into the server-side destination path and written with fs.writeFileSync() without sanitization. This gives any user who can trigger execute_code an arbitrary file write primitive as the LibreChat server user. This vulnerability is fixed in 0.8.4.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*+ 1 more
    • cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*range: <0.8.4
    • (no CPE)range: <0.8.4

Patches

Vulnerability mechanics

References

1

News mentions

0

No linked articles in our index yet.