Lucene search
K

17 matches found

NVD
NVD
added 2026/03/18 12:16 p.m.5 views

CVE-2026-33265

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API...

9CVSS0.00232EPSS
Exploits1References2
Vulnrichment
Vulnrichment
added 2026/03/18 11:17 a.m.2 views

CVE-2026-33265

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API...

6.3CVSS5.8AI score0.00232EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/03/18 12:0 a.m.11 views

LibreChat 安全漏洞

LibreChat is an open-source, free, and highly customizable unified AI dialogue platform. It allows for the aggregation and running of large models from any vendor within one interface. Version 0.8.1-rc2 of LibreChat contains a security vulnerability. This vulnerability stems from the use of the...

8CVSS5.8AI score0.00344EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2026/01/09 9:18 a.m.5 views

CVE-2025-69221

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

4.3CVSS6.7AI score0.00235EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/07 9:17 p.m.22 views

CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery SSRF vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

9.1CVSS0.04094EPSS
Exploits1References3
OSV
OSV
added 2026/01/07 9:17 p.m.6 views

CVE-2025-69222 LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 is prone to a server-side request forgery SSRF vulnerability due to missing restrictions of the Actions feature in the default configuration. LibreChat enables users to configure agents with predefined instructions and actio...

9.1CVSS7AI score0.04094EPSS
Exploits1References5
NVD
NVD
added 2026/01/07 9:15 p.m.5 views

CVE-2025-69220

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...

7.1CVSS0.00282EPSS
Exploits1References8
Cvelist
Cvelist
added 2026/01/07 9:1 p.m.24 views

CVE-2025-69221 LibreChat has Insufficient Access Control for Agent Permission Queries

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

4.3CVSS0.00235EPSS
Exploits1References3
CVE
CVE
added 2026/01/07 9:1 p.m.12 views

CVE-2025-69221

CVE-2025-69221 concerns LibreChat, a ChatGPT–clone. In version 0.8.1-rc2, access control when querying agent permissions is insufficient: an authenticated attacker can read permissions for arbitrary agents, including permissions assigned to other users, even when they lack rights for that agent. ...

4.3CVSS6.3AI score0.00235EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/01/07 9:1 p.m.5 views

CVE-2025-69221 LibreChat has Insufficient Access Control for Agent Permission Queries

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control when querying agent permissions. An authenticated attacker can read the permissions of arbitrary agents, even if they have no permissions for this agent. LibreChat allows the...

4.3CVSS6.6AI score0.00235EPSS
Exploits1References5
Cvelist
Cvelist
added 2026/01/07 8:49 p.m.25 views

CVE-2025-69220 LibreChat has Insufficient Access Control for Agent Files

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file uploads to an agents file context and file search. An authenticated attacker with access to the agent ID can change the behavior of arbitrary agents by uploading new files to t...

7.1CVSS0.00282EPSS
Exploits1References8
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.3 views

LibreChat 安全漏洞

LibreChat is a free, highly customizable, unified AI conversation platform open-sourced by LibreChat, capable of aggregating and running large models from any vendor in a single interface. A security vulnerability exists in LibreChat version 0.8.1-rc2, which stems from improper access control whe...

4.3CVSS6.5AI score0.00235EPSS
Exploits1References3
CNNVD
CNNVD
added 2026/01/07 12:0 a.m.6 views

LibreChat 安全漏洞

LibreChat is a free, highly customizable, unified AI conversation platform open-sourced by LibreChat, capable of aggregating and running large models from any vendor in a single interface. A security vulnerability exists in LibreChat version 0.8.1-rc2, which stems from improper access control for...

7.1CVSS6.7AI score0.00282EPSS
Exploits1References8
RedhatCVE
RedhatCVE
added 2025/12/04 6:17 p.m.19 views

CVE-2025-66201

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS6.7AI score0.00255EPSS
Exploits1References1
NVD
NVD
added 2025/11/29 2:15 a.m.10 views

CVE-2025-66201

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS0.00255EPSS
Exploits1References1
Cvelist
Cvelist
added 2025/11/29 1:26 a.m.11 views

CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS0.00255EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2025/11/29 1:26 a.m.3 views

CVE-2025-66201 LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery SSRF, by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with...

8.6CVSS6.3AI score0.00255EPSS
Exploits1References1
Rows per page
Query Builder