VYPR

Librechat

by Librechat

CVEs (43)

  • CVE-2026-32625 | Critical | Jun 2, 2026
    risk 0.55 | cvss 9.6 | epss 0.03

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders against the server's process.env during Zod schema validation of user-supplied MCP…

  • CVE-2026-4276 | High | Mar 16, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

  • CVE-2026-31943 | High | Mar 27, 2026
    risk 0.48 | cvss 8.5 | epss 0.00

    LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the…

  • CVE-2026-44654 | High | Jun 2, 2026
    risk 0.46 | cvss 8.1 | epss 0.00

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally…

  • CVE-2026-31942 | High | Jun 2, 2026
    risk 0.39 | cvss 7.1 | epss 0.00

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread…

  • CVE-2025-7105 | Medium | Feb 2, 2026
    risk 0.37 | cvss 5.7 | epss 0.00

    A vulnerability in danny-avila/librechat allows attackers to exploit the unrestricted Fork Function in `/api/convos/fork` to fork numerous contents rapidly. If the forked content includes a Mermaid graph with a large number of nodes, it can lead to a JavaScript heap out of…

  • CVE-2026-44653 | Medium | Jun 2, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP server can retrieve the server's decrypted admin-managed secrets through `GET /api/mcp/servers` and `GET…

  • CVE-2026-34371 | Medium | Apr 7, 2026
    risk 0.34 | cvss 6.3 | epss 0.00

    LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing…

  • CVE-2026-31951 | Mar 27, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server…

  • CVE-2026-31950 | Mar 27, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream…

  • CVE-2026-31945 | Mar 27, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (https://github.com/danny-avila/LibreChat/security/advisor…

  • CVE-2026-33265 | Mar 18, 2026
    risk 0.00 | cvss n/a | epss 0.00

    In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.

  • CVE-2025-41258 | Mar 18, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

  • CVE-2026-31949 | Mar 13, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE…

  • CVE-2026-31944 | Mar 13, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the…

  • CVE-2026-22252 | Jan 12, 2026
    risk 0.00 | cvss n/a | epss 0.04

    LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This…

  • CVE-2025-69222 | Jan 7, 2026
    risk 0.00 | cvss n/a | epss 0.04

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined…

  • CVE-2025-69221 | Jan 7, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat…

  • CVE-2025-69220 | Jan 7, 2026
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by…

  • CVE-2025-66452 | Dec 11, 2025
    risk 0.00 | cvss n/a | epss 0.00

    LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json() includes user input in the error message, which gets reflected in responses. User input (including HTML/JavaScript)…

Page 1 of 3