All 7 CVE vulnerabilities found in Langchain-Chatchat, with AI-generated Chinese analysis, references, and POCs.
Vendor: chatchat-space
| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-7847 | chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values CWE-330 | 2.6 | Low | 2026-05-05 |
| CVE-2026-7846 | chatchat-space Langchain-Chatchat OpenAI-Compatible File Upload API openai_routes.py files toctou CWE-367 | 2.6 | Low | 2026-05-05 |
| CVE-2026-7845 | chatchat-space Langchain-Chatchat Vision Chat Paste Image dialogue.py PIL.Image.tobytes weak hash CWE-328 | 2.6 | Low | 2026-05-05 |
| CVE-2026-7844 | chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication CWE-306 | 6.3 | Medium | 2026-05-05 |
| CVE-2025-6855 | chatchat-space Langchain-Chatchat file path traversal CWE-22 | 5.5 | Medium | 2025-06-29 |
| CVE-2025-6854 | chatchat-space Langchain-Chatchat files path traversal CWE-22 | 4.3 | Medium | 2025-06-29 |
| CVE-2025-6853 | chatchat-space Langchain-Chatchat Backend upload_temp_docs path traversal CWE-22 | 6.3 | Medium | 2025-06-29 |
All 7 known CVE vulnerabilities affecting Langchain-Chatchat with full Chinese analysis, references, and POCs where available.