CVE-2026-31943
LibreChat prior to 0.8.3 contains an SSRF protection bypass in isPrivateIP() (packages/api/src/auth/domain.ts) that fails to detect IPv4‑mapped IPv6 addresses in hex-normalized form. This allows any authenticated user to cause the server to issue HTTP requests to internal resources (e.g., AWS 169...