2 matches found
EUVD-2026-39464
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 commit bb58a2d0 added limits: fileSize to createMulterInstance in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that w...
CVE-2026-54040
Summary of CVE-2026-54040 (LibreChat): Before version 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring a valid TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim’s 2F...