2 matches found
CVE-2025-7106
danny-avila/librechat is affected by an authorization bypass vulnerability due to improper access control checks. The checkAccess function in api/server/middleware/roles/access.js uses permissions.some to validate permissions, which incorrectly grants access if only one of multiple required...
CVE-2025-7106
CVE-2025-7106 : In danny-avila/librechat, an authorization bypass is caused by the checkAccess function in api/server/middleware/roles/access.js using permissions.some() to validate required permissions. This logic can grant access if any one of multiple permissions is present, allowing users wit...