Known Vulnerabilities for products from Librechat
Listed below are 19 of the newest known vulnerabilities associated with the vendor "Librechat".
These CVEs are retrieved based on exact matches on listed vendor information (CPE data) as well as a keyword search to ensure the newest vulnerabilities with no officially listed vendor information are still displayed.
Data on known vulnerable products is also displayed based on information from known CPEs, each product links to its respective vulnerability page.
Known Vulnerabilities
| CVE | Shortened Description | Severity | Publish Date | Last Modified |
|---|---|---|---|---|
| CVE-2026-54040 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup... | Not Provided | 2026-06-25 | 2026-06-29 |
| CVE-2026-54037 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 add... | Not Provided | 2026-06-25 | 2026-06-29 |
| CVE-2026-54036 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable ... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-54033 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to con... | Not Provided | 2026-06-25 | 2026-06-29 |
| CVE-2026-54030 json | Not Provided | 2026-06-25 | 2026-06-26 | |
| CVE-2026-54029 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:con... | Not Provided | 2026-06-25 | 2026-06-29 |
| CVE-2026-54027 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images en... | Not Provided | 2026-06-25 | 2026-06-26 |
| CVE-2026-54025 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in L... | Not Provided | 2026-06-25 | 2026-06-29 |
| CVE-2026-54024 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (c... | Not Provided | 2026-06-25 | 2026-06-29 |
| CVE-2026-44654 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-a... | Not Provided | 2026-06-02 | 2026-06-04 |
| CVE-2026-44653 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users with... | Not Provided | 2026-06-02 | 2026-06-04 |
| CVE-2026-34371 json | LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execut... | Not Provided | 2026-04-07 | 2026-04-14 |
| CVE-2026-32625 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model ... | Not Provided | 2026-06-02 | 2026-06-04 |
| CVE-2026-31951 json | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Conte... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2026-31950 json | LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2026-31945 json | LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side reque... | Not Provided | 2026-03-27 | 2026-03-30 |
| CVE-2026-31943 json | LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/doma... | Not Provided | 2026-03-27 | 2026-03-31 |
| CVE-2026-31942 json | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecur... | Not Provided | 2026-06-02 | 2026-06-04 |
| CVE-2026-4276 json | LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries. | Not Provided | 2026-03-16 | 2026-06-05 |