2 matches found
CVE-2026-54040
Summary of CVE-2026-54040 (LibreChat): The vulnerability affects LibreChat builds prior to 0.8.4-rc1, in the 2FA flow. The POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker who has...
PT-2022-24852 · WordPress · Wp Oauth Server
Name of the Vulnerable Software and Affected Versions: WP OAuth Server OAuth Authentication versions prior to 3.4.2. Description: The issue concerns a lack of CSRF check when regenerating secrets. This could allow attackers to make logged-in admins regenerate the secret of an arbitrary client, giv...