threatengine.sh
Product: librechat
37 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
| CVE | Affected versions | CVSS | Severity | Summary |
|---|---|---|---|---|
| CVE-2026-34371 | < 0.8.4 | 6.3 | MEDIUM | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_cod |
| CVE-2026-31951 | >= 0.8.2 and < 0.8.3 | 6.8 | MEDIUM | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Pr |
| CVE-2026-31950 | all versions | 5.3 | MEDIUM | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/a |
| CVE-2026-31945 | all versions | 7.7 | HIGH | LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request fo |
| CVE-2026-31943 | < 0.8.3 | 8.5 | HIGH | LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP() in `packages/api/src/auth/domain.ts |
| CVE-2026-33265 | all versions | 6.3 | MEDIUM | In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API. |
| CVE-2025-41258 | all versions | 8.0 | HIGH | LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-leve |
| CVE-2026-31949 | < 0.8.3 | 6.5 | MEDIUM | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the D |
| CVE-2026-31944 | all versions | 7.6 | HIGH | LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback en |
| CVE-2026-22252 | all versions | 9.1 | CRITICAL | LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary comm |
| CVE-2025-69222 | all versions | 9.1 | CRITICAL | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery (SSRF) vulnerab |
| CVE-2025-69221 | all versions | 4.3 | MEDIUM | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agen |
| CVE-2025-69220 | all versions | 7.1 | HIGH | LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads t |
| CVE-2025-66452 | <= 0.8.0 | 6.1 | MEDIUM | LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, there is no handler for JSON parsing errors; S |
| CVE-2025-66451 | < 0.8.1 | 6.5 | MEDIUM | LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when creating prompts, JSON requests are sent |
| CVE-2025-66450 | < 0.8.1 | 5.4 | MEDIUM | LibreChat is a ChatGPT clone with additional features. In versions 0.8.0 and below, when a user posts a question, the iconURL para |
| CVE-2025-66201 | < 0.8.1 | 8.1 | HIGH | LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request |
| CVE-2025-8849 | all versions | 7.5 | HIGH | LibreChat version 0.7.9 is vulnerable to a Denial of Service (DoS) attack due to unbounded parameter values in the /api/memories |
| CVE-2025-8850 | all versions | 8.8 | HIGH | In danny-avila/librechat version 0.7.9, there is an insecure API design issue in the 2-Factor Authentication (2FA) flow. The syste |
| CVE-2025-8848 | all versions | 5.4 | MEDIUM | A vulnerability in danny-avila/librechat version 0.7.9 allows for HTML injection via the Accept-Language header. When a logged-in |
| CVE-2025-7104 | < 0.7.9 | 7.5 | HIGH | A mass assignment vulnerability exists in danny-avila/librechat, affecting all versions. This vulnerability allows attackers to ma |
| CVE-2025-7106 | < 0.7.9 | 5.3 | MEDIUM | danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The `checkAccess |
| CVE-2025-6088 | all versions | 3.1 | LOW | In version 0.7.8 of danny-avila/librechat, improper authorization controls in the conversation sharing feature allow unauthorized |
| CVE-2025-54868 | >= 0.0.6 and < 0.7.8 | 7.5 | HIGH | LibreChat is a ChatGPT clone with additional features. In versions 0.0.6 through 0.7.7-rc1, an exposed testing endpoint allows rea |
| CVE-2024-12580 | < 0.7.6 | 5.3 | MEDIUM | A vulnerability in danny-avila/librechat prior to version 0.7.6 allows for logs debug injection. The parameters sessionId, fileId, |
| CVE-2024-11173 | < 0.7.6 | 6.5 | MEDIUM | An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a f |
| CVE-2024-11172 | < 0.7.6 | 7.5 | HIGH | A vulnerability in danny-avila/librechat version git a1647d7 allows an unauthenticated attacker to cause a denial of service by se |
| CVE-2024-11171 | < 0.7.6 | 7.5 | HIGH | In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. The application uses multer mid |
| CVE-2024-11170 | < 0.7.6 | 8.8 | HIGH | A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of file paths |
| CVE-2024-11169 | < 0.7.6 | 7.5 | HIGH | An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module th |
| CVE-2024-11167 | < 0.7.6 | 5.3 | MEDIUM | An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete oth |
| CVE-2024-10366 | all versions | 6.5 | MEDIUM | An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0 |
| CVE-2024-10363 | all versions | 5.4 | MEDIUM | In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create pro |
| CVE-2024-10361 | all versions | 9.1 | CRITICAL | An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files en |
| CVE-2024-10359 | all versions | 4.6 | MEDIUM | In danny-avila/librechat version v0.7.5-rc2, a vulnerability exists in the preset creation functionality where a user can manipula |
| CVE-2024-41704 | <= 0.7.3 | 9.8 | CRITICAL | LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. |
| CVE-2024-41703 | <= 0.7.3 | 9.8 | CRITICAL | LibreChat through 0.7.4-rc1 has incorrect access control for message updates. |
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin