LibreChat — Vulnerabilities & Security Advisories 18

All 18 CVE vulnerabilities found in LibreChat, with AI-generated Chinese analysis, references, and POCs.

Vendor: danny-avila

CVE ID	Title	CVSS	Severity	Published
CVE-2026-34371	LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal CWE-22	6.3	Medium	2026-04-07
CVE-2026-31951	LibreChat's MCP Server Header Injection Enables OAuth Token Theft CWE-200	6.8	Medium	2026-03-27
CVE-2026-31950	LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats CWE-284	5.3	Medium	2026-03-27
CVE-2026-31945	LibreChat Server-Side Request Forgery using DNS resolution CWE-918	7.7	High	2026-03-27
CVE-2026-31943	LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP CWE-918	8.5	High	2026-03-27
CVE-2026-33265	LibreChat 安全漏洞 CWE-669	6.3	Medium	2026-03-18
CVE-2025-41258	LibreChat RAG API Authentication Bypass CWE-284	8.0	High	2026-03-18
CVE-2026-31949	LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos CWE-248	6.5	Medium	2026-03-13
CVE-2026-31944	LibreChat MCP OAuth callback does not validate browser session — allows token theft via redirect link CWE-306	7.6	High	2026-03-13
CVE-2026-22252	LibreChat MCP Stdio Remote Command Execution CWE-285	9.1	Critical	2026-01-12
CVE-2025-69222	LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions CWE-918	9.1	Critical	2026-01-07
CVE-2025-69221	LibreChat has Insufficient Access Control for Agent Permission Queries CWE-862	4.3	Medium	2026-01-07
CVE-2025-69220	LibreChat has Insufficient Access Control for Agent Files CWE-862	7.1	High	2026-01-07
CVE-2025-66452	LibreChat's lack of JSON parsing error handling can lead to XSS CWE-79	6.1^AI	Medium^AI	2025-12-11
CVE-2025-66451	LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes CWE-20	4.3^AI	Medium^AI	2025-12-11
CVE-2025-66450	LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload CWE-80	6.3^AI	Medium^AI	2025-12-11
CVE-2025-66201	LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability CWE-20	8.1	-	2025-11-29
CVE-2025-54868	LibreChat exposes arbitrary chats through Meilisearch engine CWE-285	7.5	High	2025-08-05

All 18 known CVE vulnerabilities affecting LibreChat with full Chinese analysis, references, and POCs where available.