LibreChat MCP Stdio Remote Command Execution

Summary

Package: LibreChat MCP Stdio (LibreChat)
Affected Version: 0.8.2-rc1
Patched Version: 0.8.2-rc2
Severity: Critical

Vulnerability Information

Type: Authenticated Remote Code Execution as Root
Tested Version: v0.8.2-rc1
Attack Vector: Network
Authentication Required: Yes (any registered user)
User Interaction: None

Why It Works

 - Insecure Default Permissions
 - No Input Validation
 - Immediate Execution

CVSS v3 Base Metrics

Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High
Score: 9.1/10

Vulnerable Code Path

Entry Point:
API Schema:
Execution Sink:

PoC

Reproduction Steps

 - Clone and Run Official LibreChat
 - Execute the Exploit
   - Method 1: Basic Exploit (Without Output Retrieval)
   - Method 2: Exploit with Output Retrieval

Impact

 - Data Exfiltration
 - Host Filesystem Access
 - Lateral Movement
 - Supply Chain Attack
 - Credential Theft