Lucene search
K

4 matches found

NVD
NVD
added 2026/06/02 11:16 p.m.19 views

CVE-2026-31942

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference IDOR vulnerability exists in the API keys management endpoint PUT /api/keys. Due to the use of the JavaScript object spread operator after setting...

7.1CVSS0.00206EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/27 7:23 p.m.24 views

CVE-2026-31945 LibreChat Server-Side Request Forgery using DNS resolution

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery SSRF attack when using agent actions or MCP. Although a previous SSRF vulnerability...

7.7CVSS0.00249EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2026/03/20 9:5 a.m.9 views

CVE-2026-33081 PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL function only checks the initial user-supplied URL, but the embedded Chromium browser can...

5.8CVSS5.8AI score0.00289EPSS
Exploits1References2
OSV
OSV
added 2026/03/20 9:5 a.m.4 views

CVE-2026-33081 PinchTab has Blind SSRF via browser-side redirect bypass in /download URL validation

PinchTab is a standalone HTTP server that gives AI agents direct control over a Chrome browser. Versions 0.8.2 and below have a Blind SSRF vulnerability in the /download endpoint. The validateDownloadURL function only checks the initial user-supplied URL, but the embedded Chromium browser can...

5.8CVSS6.3AI score0.00289EPSS
Exploits1References4
Rows per page
Query Builder