Lucene search
+L

4 matches found

osv
osv
added 2026/03/27 7:29 p.m.9 views

CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS6AI score0.00244EPSS
Exploits1References3
cvelist
cvelist
added 2026/03/27 7:29 p.m.24 views

CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS0.00244EPSS
Exploits1References1
attackerkb
attackerkb
added 2026/03/27 7:29 p.m.6 views

CVE-2026-31951

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS6AI score0.00244EPSS
Exploits1References2Affected Software1
cnnvd
cnnvd
added 2026/03/27 12:0 a.m.11 views

LibreChat 信息泄露漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within one interface. Versions of LibreChat from 0.8.2-rc1 to 0.8.3-rc1 have a vulnerability related to information leakage. This...

6.8CVSS5.9AI score0.00244EPSS
Exploits1References2
Rows per page
Query Builder