Lucene search
K

CVE-2026-54029

🗓️ 25 Jun 2026 15:51:23Reported by GitHub_MType 
cve
 cve
🔗 web.nvd.nist.gov👁 17 Views🌐 WEB

LibreChat IDOR before 0.8.4-rc1 lets delete another user's messages due to missing user filter

Related
Detection
Affected
Refs
Paths
ReporterTitlePublishedViews
Family
GithubExploit
vulnerability-disclosures
14 Aug 202406:17
githubexploit
ATTACKERKB
CVE-2026-54029
25 Jun 202615:51
attackerkb
Circl
CVE-2024-41703
22 Jul 202407:46
circl
Circl
CVE-2026-54029
29 Jun 202616:42
circl
CVE
CVE-2024-41703
22 Jul 202400:00
cve
Cvelist
CVE-2024-41703
22 Jul 202400:00
cvelist
Cvelist
CVE-2026-54029 LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter
25 Jun 202615:51
cvelist
EUVD
EUVD-2026-39461
25 Jun 202615:51
euvd
NVD
CVE-2024-41703
22 Jul 202405:15
nvd
NVD
CVE-2026-54029
25 Jun 202617:16
nvd
Rows per page
NVD
Vulners
Node
librechatlibrechatRange0.8.3
[
  {
    "vendor": "danny-avila",
    "product": "LibreChat",
    "versions": [
      {
        "version": "< 0.8.4-rc1",
        "status": "affected"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
conversationIdpath/api/messages/:conversationId/:messageIdDELETE endpoint vulnerable to unauthorized deletion of others' messages due to missing user-scoped filter (fixed in 0.8.4-rc1).CWE-862
messageIdpath/api/messages/:conversationId/:messageIdDELETE endpoint vulnerable to unauthorized deletion of others' messages due to missing user-scoped filter (fixed in 0.8.4-rc1).CWE-862

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

29 Jun 2026 15:36Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.15.3 - 6.5
EPSS0.00353
SSVC
17