Lucene search
K

4 matches found

CVE
CVE
added 2026/06/02 10:35 p.m.44 views

CVE-2026-32625

LibreChat vulnerability CVE-2026-32625 affects versions up to 0.8.3 where MCP server URL validation expands ${VAR} against process.env during Zod schema checks. An authenticated user can configure a malicious MCP URL to exfiltrate secrets (CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI) to an attacke...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/02 10:35 p.m.8 views

CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS5.8AI score0.0294EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/06/02 10:35 p.m.36 views

CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

9.6CVSS0.0294EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.6 views

LibreChat 信息泄露漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within a single interface. Versions of LibreChat 0.8.3 and earlier contained a security vulnerability known as information leakage. Th...

9.6CVSS5.4AI score0.0294EPSS
Exploits1References1
Rows per page
Query Builder