Lucene search
K

447 matches found

NVD
NVD
added 2026/03/27 8:16 p.m.8 views

CVE-2026-31945

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS0.00249EPSS
Exploits1References1
NVD
NVD
added 2026/03/27 8:16 p.m.5 views

CVE-2026-31943

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS0.00213EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:29 p.m.4 views

CVE-2026-31951

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS6AI score0.00244EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 7:29 p.m.22 views

CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS0.00244EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 7:29 p.m.4 views

EUVD-2026-16769

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS6AI score0.00244EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 7:29 p.m.9 views

CVE-2026-31951

Vulnerability summary : LibreChat’s MCP server feature (versions 0.8.2-rc1 to 0.8.3-rc1) allows arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can host a malicious MCP server with headers like {{LIBRECHAT_OPENID_ACCESS_TOKEN}} to exfiltrate victims’ OAuth tok...

6.8CVSS6AI score0.00244EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 7:29 p.m.3 views

CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS6AI score0.00244EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 7:29 p.m.7 views

CVE-2026-31951 LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP Model Context Protocol servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containin...

6.8CVSS6AI score0.00244EPSS
Exploits1References3
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:25 p.m.1 views

CVE-2026-31950

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...

5.3CVSS5.9AI score0.00208EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2026/03/27 7:25 p.m.25 views

CVE-2026-31950 LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...

5.3CVSS0.00208EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/27 7:25 p.m.4 views

CVE-2026-31950 LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...

5.3CVSS5.9AI score0.00208EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 7:25 p.m.4 views

EUVD-2026-16767

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...

5.3CVSS5.9AI score0.00208EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 7:25 p.m.5 views

CVE-2026-31950 LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint /api/agents/chat/stream/:streamId does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and...

5.3CVSS5.9AI score0.00208EPSS
Exploits1References3
CVE
CVE
added 2026/03/27 7:25 p.m.12 views

CVE-2026-31950

LibreChat exposes an IDOR in SSE stream subscriptions. In versions 0.8.2-rc2 through 0.8.2-rc3, the endpoint /api/agents/chat/stream/:streamId does not verify stream ownership, allowing any authenticated user who guesses or obtains a valid streamId to subscribe and read another user’s real-time c...

5.3CVSS5.9AI score0.00208EPSS
Exploits1References1Affected Software1
ATTACKERKB
ATTACKERKB
added 2026/03/27 7:23 p.m.4 views

CVE-2026-31945

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/27 7:23 p.m.3 views

CVE-2026-31945 LibreChat Server-Side Request Forgery using DNS resolution

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References1
EUVD
EUVD
added 2026/03/27 7:23 p.m.2 views

EUVD-2026-16765

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References1
CVE
CVE
added 2026/03/27 7:23 p.m.13 views

CVE-2026-31945

LibreChat (versions 0.8.2-rc2 to 0.8.2) is vulnerable to SSRF via DNS resolution in agent actions or MCP. The issue arises because prior fixes only added hostname validation and do not verify whether DNS results map to private IPs, allowing access to internal resources (e.g., internal RAG API or ...

7.7CVSS5.9AI score0.00249EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2026/03/27 7:21 p.m.20 views

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS0.00213EPSS
Exploits1References1
OSV
OSV
added 2026/03/27 7:21 p.m.7 views

CVE-2026-31943 LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, isPrivateIP in packages/api/src/auth/domain.ts fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests ...

8.5CVSS5.9AI score0.00213EPSS
Exploits1References3
Rows per page
Query Builder