VYPR

Langbot

by Apboard

Source repositories

CVEs (2)

  • CVE-2025-59835HigOct 2, 2025
    risk 0.49cvss epss 0.00

    LangBot is a global IM bot platform designed for LLMs. In versions 4.1.0 up to but not including 4.3.5, authorized attackers can exploit the /api/v1/files/documents interface to perform arbitrary file uploads. Since this interface does not strictly restrict the storage directory…

  • CVE-2026-28509Mar 6, 2026
    risk 0.00cvss epss 0.00

    LangBot is a global IM bot platform designed for LLMs. Prior to version 4.8.7, LangBot’s web UI renders user-supplied raw HTML using rehypeRaw, which can lead to a cross-site scripting (XSS) vulnerability. This issue has been patched in version 4.8.7.