CVE-2026-44654 — LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents

AI Predicted 6.5 Difficulty: Easy

I. Basic Information for CVE-2026-44654

Vulnerability Information

Vulnerability Title
LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents
Source: NVD (National Vulnerability Database)
Vulnerability Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally — not just from the shared agent — breaking the owner's other private agents that reference the same `file_id`. The private agent retains a stale `file_id` reference that no longer resolves. A shared-agent editor can destroy files that the owner uses across multiple agents. The owner's private agents — which the attacker has no access to — break silently with stale `file_id` references. This is a cross-agent integrity violation: editing access to one agent should not affect another. Version 0.8.4 contains a patch.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
Incorrect Authorization
Source: NVD (National Vulnerability Database)

Affected Products

Vendor: danny-avila · Product: LibreChat · Affected Versions: < 0.8.5 · CPE: -

II. Public POCs for CVE-2026-44654

No public POC found.

III. Intelligence Information for CVE-2026-44654

Vendor Advisories for CVE-2026-44654 (1)

Same Patch Batch · danny-avila · 2026-06-02 · 4 CVEs total

CVE-2026-32625 · 9.6 CRITICAL · LibreChat Exfiltrates Server Secrets via MCP Server URL Injection
CVE-2026-31942 · 7.1 HIGH · LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite
CVE-2026-44653 · 6.5 MEDIUM · LibreChat Shared MCP Server View Leaks Decrypted Admin Secrets
