Danny-avila Librechat
21 CVEs affecting Danny-avila Librechat. Latest disclosed: 2026-06-02. Critical: 3, High: 8.
| CVE | Severity | CVSS score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-32625 | Critical | 9.6 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server inte… |
| CVE-2026-22252 | Critical | 9.1 | 2026-01-12 | LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allo… |
| CVE-2025-69222 | Critical | 9.1 | 2026-01-07 | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerability due to missing restrict… |
| CVE-2026-31943 | High | 8.5 | 2026-03-27 | LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped… |
| CVE-2026-44654 | High | 8.1 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file record… |
| CVE-2025-41258 | High | 8.0 | 2026-03-18 | LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG A… |
| CVE-2026-31945 | High | 7.7 | 2026-03-27 | LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when usin… |
| CVE-2026-31944 | High | 7.6 | 2026-03-13 | LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect f… |
| CVE-2025-54868 | High | 7.5 | 2025-08-05 | LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows reading arbitrary chats directly… |
| CVE-2026-31942 | High | 7.1 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) v… |
| CVE-2025-69220 | High | 7.1 | 2026-01-07 | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and… |
| CVE-2026-31951 | Medium | 6.8 | 2026-03-27 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include a… |
| CVE-2026-44653 | Medium | 6.5 | 2026-06-02 | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with only `VIEW` access to an MCP serv… |
| CVE-2026-31949 | Medium | 6.5 | 2026-03-13 | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint th… |
| CVE-2026-34371 | Medium | 6.3 | 2026-04-07 | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting cod… |
| CVE-2026-31950 | Medium | 5.3 | 2026-03-27 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId`… |
| CVE-2025-69221 | Medium | 4.3 | 2026-01-07 | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticat… |
| CVE-2025-66452 | | | 2025-12-11 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; SyntaxError from express.json(… |
| CVE-2025-66451 | | | 2025-12-11 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent to define and modify the prom… |
| CVE-2025-66450 | | | 2025-12-11 | LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL parameter of the POST request can… |