| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2026-34371 | LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal | danny-avila | LibreChat | Medium | 6.3 | 2026-04-07 21:08:13 | Deep Dive |
| CVE-2026-31951 | LibreChat's MCP Server Header Injection Enables OAuth Token Theft | danny-avila | LibreChat | Medium | 6.8 | 2026-03-27 19:29:26 | Deep Dive |
| CVE-2026-31950 | LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats | danny-avila | LibreChat | Medium | 5.3 | 2026-03-27 19:25:25 | Deep Dive |
| CVE-2026-31945 | LibreChat Server-Side Request Forgery using DNS resolution | danny-avila | LibreChat | High | 7.7 | 2026-03-27 19:23:53 | Deep Dive |
| CVE-2026-31943 | LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP | danny-avila | LibreChat | High | 8.5 | 2026-03-27 19:21:51 | Deep Dive |
| CVE-2026-33265 | LibreChat Security Vulnerability | LibreChat | LibreChat | Medium | 6.3 | 2026-03-18 11:17:45 | Deep Dive |
| CVE-2025-41258 | LibreChat RAG API Authentication Bypass | danny-avila | LibreChat | High | 8.0 | 2026-03-18 11:08:20 | Deep Dive |
| CVE-2026-4276 | LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries. | LibreChat | RAG API | - | - | 2026-03-16 15:31:36 | Deep Dive |
| CVE-2026-31949 | LibreChat Denial of Service (DoS) via Unhandled Exception in DELETE /api/convos | danny-avila | LibreChat | Medium | 6.5 | 2026-03-13 19:47:25 | Deep Dive |
| CVE-2026-31944 | LibreChat MCP OAuth callback does not validate browser session — allows token theft via redirect link | danny-avila | LibreChat | High | 7.6 | 2026-03-13 19:44:31 | Deep Dive |
| CVE-2025-7105 | Denial of Service via JavaScript Memory Overflow in danny-avila/librechat | danny-avila | danny-avila/librechat | - | - | 2026-02-02 10:36:24 | Deep Dive |
| CVE-2026-22252 | LibreChat MCP Stdio Remote Command Execution | danny-avila | LibreChat | Critical | 9.1 | 2026-01-12 18:01:48 | Deep Dive |
| CVE-2025-69222 | LibreChat is vulnerable to Server-Side Request Forgery due to missing restrictions | danny-avila | LibreChat | Critical | 9.1 | 2026-01-07 21:17:18 | Deep Dive |
| CVE-2025-69221 | LibreChat has Insufficient Access Control for Agent Permission Queries | danny-avila | LibreChat | Medium | 4.3 | 2026-01-07 21:01:14 | Deep Dive |
| CVE-2025-69220 | LibreChat has Insufficient Access Control for Agent Files | danny-avila | LibreChat | High | 7.1 | 2026-01-07 20:49:00 | Deep Dive |
| CVE-2025-66452 | LibreChat's lack of JSON parsing error handling can lead to XSS | danny-avila | LibreChat | - | - | 2025-12-11 22:52:20 | Deep Dive |
| CVE-2025-66451 | LibreChat's Improper Input Validation in Prompt Creation API Enables Unauthorized Permission Changes | danny-avila | LibreChat | - | - | 2025-12-11 22:33:24 | Deep Dive |
| CVE-2025-66450 | LibreChat JSON Injection in Chat POST Allows Remote Resource Inclusion and PXSS via Image Upload | danny-avila | LibreChat | - | - | 2025-12-11 22:05:47 | Deep Dive |
| CVE-2025-66201 | LibreChat is Vulnerable to Server-Side Request Forgery (SSRF) in Actions Capability | danny-avila | LibreChat | Medium | - | 2025-11-29 01:26:19 | Deep Dive |
| CVE-2025-8849 | Denial of Service in danny-avila/librechat | danny-avila | danny-avila/librechat | Medium | - | 2025-10-30 23:42:42 | Deep Dive |