Vulnerabilities
Aggregated CVE / GHSA / KEV / OSV — filter by tag and category.
| ID | Title | |
|---|---|---|
| CVE-2026-54037 |
|
Vulnerability in librechat (CVE-2026-54037)
vulnerability in librechat (CVE-2026-54037). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/convos/fork`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54040 |
|
Vulnerability in librechat (CVE-2026-54040)
vulnerability in librechat (CVE-2026-54040). Data can be tampered with by attackers. Exploitable via `POST /api/auth/2fa/backup/regenerate`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54024 |
|
Vulnerability in librechat (CVE-2026-54024)
vulnerability in librechat (CVE-2026-54024). Risk of unauthorized operations or information disclosure. Exploitable via `POST /api/convos/import`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54025 |
|
Cross-Site Scripting (XSS) in librechat (CVE-2026-54025)
cross-site scripting in librechat (CVE-2026-54025). Risk of unauthorized operations or information disclosure. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54027 |
|
Vulnerability in librechat (CVE-2026-54027)
vulnerability in librechat (CVE-2026-54027). Data can be tampered with by attackers. Exploitable via `POST /api/files/images`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54029 |
|
Vulnerability in librechat (CVE-2026-54029)
vulnerability in librechat (CVE-2026-54029). Data can be tampered with by attackers. Exploitable via `DELETE /api/messages/`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54030 |
|
Vulnerability in librechat (CVE-2026-54030)
vulnerability in librechat (CVE-2026-54030). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.5` or later.
|
| CVE-2026-54033 |
|
SSRF (Server-Side Request Forgery) in ssrf (CVE-2026-54033)
SSRF in ssrf (CVE-2026-54033). Confidential information can be exposed externally. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-54036 |
|
Vulnerability in librechat (CVE-2026-54036)
vulnerability in librechat (CVE-2026-54036). Data can be tampered with by attackers. Exploitable via `GET /api/auth/2fa/enable`. Mitigation: upgrade to `0.8.4-rc1` or later.
|
| CVE-2026-44653 |
|
Vulnerability in librechat (CVE-2026-44653)
vulnerability in librechat (CVE-2026-44653). Confidential information can be exposed externally. Exploitable via `GET /api/mcp/servers`.
|
| CVE-2026-44654 |
|
Authorization Flaw in librechat (CVE-2026-44654)
vulnerability in librechat (CVE-2026-44654). Data can be tampered with by attackers. Exploitable via `DELETE /api/files`.
|
| CVE-2026-31942 |
|
Vulnerability in librechat (CVE-2026-31942)
vulnerability in librechat (CVE-2026-31942). Data can be tampered with by attackers. Exploitable via `PUT /api/keys`.
|
| CVE-2026-32625 |
|
Information Disclosure in librechat (CVE-2026-32625)
vulnerability in librechat (CVE-2026-32625). Confidential information can be exposed externally.
|
| CVE-2026-4276 |
|
Code Injection in librechat (CVE-2026-4276)
code injection in librechat (CVE-2026-4276). Data can be tampered with by attackers.
|