CVE-2026-31945— LibreChat Server-Side Request Forgery using DNS resolution

LibreChat Server-Side Request Forgery using DNS resolution

LibreChat is a ChatGPT clone with additional features. Versions 0.8.2-rc2 through 0.8.2 are vulnerable to a server-side request forgery (SSRF) attack when using agent actions or MCP. Although a previous SSRF vulnerability (https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8) was reported and patched, the fix only introduced hostname validation. It does not verify whether DNS resolution results in a private IP address. As a result, an attacker can still bypass the protection and gain access to internal resources, such as an internal RAG API or cloud instance metadata endpoints. Version 0.8.3-rc1 contains a patch.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N

服务端请求伪造(SSRF)

LibreChat 代码问题漏洞

LibreChat是LibreChat开源的一个免费、高度可定制的统一 AI 对话平台，能够在一个界面中聚合并运行来自任意厂商的大模型。 LibreChat 0.8.2-rc2至0.8.2版本存在代码问题漏洞，该漏洞源于使用代理操作或MCP时存在服务端请求伪造攻击，主机名验证未检查DNS解析结果是否为私有IP地址，可能导致攻击者绕过保护并访问内部资源。

N/A

N/A