Vulnerabilities

Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.

Filtering: Tag: librechat Clear
ID Title
CVE-2026-54037 Vulnerability in librechat (CVE-2026-54037)
vulnerability in librechat (CVE-2026-54037). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/convos/fork`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54040 Vulnerability in librechat (CVE-2026-54040)
vulnerability in librechat (CVE-2026-54040). Data can be tampered with by attackers. Exploitable via `POST /api/auth/2fa/backup/regenerate`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54024 Vulnerability in librechat (CVE-2026-54024)
vulnerability in librechat (CVE-2026-54024). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/convos/import`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54025 Cross-Site Scripting (XSS) in librechat (CVE-2026-54025)
cross-site scripting in librechat (CVE-2026-54025). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54027 Vulnerability in librechat (CVE-2026-54027)
vulnerability in librechat (CVE-2026-54027). Data can be tampered with by attackers. Exploitable via `POST /api/files/images`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54029 Vulnerability in librechat (CVE-2026-54029)
vulnerability in librechat (CVE-2026-54029). Data can be tampered with by attackers. Exploitable via `DELETE /api/messages/`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54030 Vulnerability in librechat (CVE-2026-54030)
vulnerability in librechat (CVE-2026-54030). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.5` or later.
CVE-2026-54033 SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54033)
SSRF in ssrf (CVE-2026-54033). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-54036 Vulnerability in librechat (CVE-2026-54036)
vulnerability in librechat (CVE-2026-54036). Data can be tampered with by attackers. Exploitable via `GET /api/auth/2fa/enable`. Mitigation: upgrade to `0.8.4-rc1` or later.
CVE-2026-44653 Vulnerability in librechat (CVE-2026-44653)
vulnerability in librechat (CVE-2026-44653). Confidential information can be exposed externally. Exploitable via `GET /api/mcp/servers`.
CVE-2026-44654 Authorization Flaw in librechat (CVE-2026-44654)
vulnerability in librechat (CVE-2026-44654). Data can be tampered with by attackers. Exploitable via `DELETE /api/files`.
CVE-2026-31942 Vulnerability in librechat (CVE-2026-31942)
vulnerability in librechat (CVE-2026-31942). Data can be tampered with by attackers. Exploitable via `PUT /api/keys`.
CVE-2026-32625 Information Disclosure in librechat (CVE-2026-32625)
vulnerability in librechat (CVE-2026-32625). Confidential information can be exposed externally.
CVE-2026-4276 Code Injection in librechat (CVE-2026-4276)
code injection in librechat (CVE-2026-4276). Data can be tampered with by attackers.

🍪 About cookies

We use cookies to keep you logged in, remember your language, and improve the service.

Details →