Server-Side Request Forgery Vulnerability in LibreChat by Danny Avila
CVE-2026-31945

7.7 HIGH

Key Information:

Vendor: Danny Avila (LibreChat)
CVE Published: 27 March 2026

What is CVE-2026-31945?

LibreChat, a self-hosted ChatGPT-style chat application, is vulnerable to server-side request forgery (SSRF) in versions 0.8.2-rc2 and 0.8.2 when agent actions or MCP (Model Context Protocol) servers are used. The hostname validation applied to outbound request targets is incomplete: a previous advisory addressed a related SSRF issue, but that fix did not fully check the addresses a supplied hostname actually resolves to against private and link-local ranges, so an attacker-controlled DNS name that resolves to an internal address passes validation. A low-privileged authenticated user can therefore make the server reach internal resources such as the internal RAG API or cloud instance metadata endpoints. Users should upgrade to version 0.8.3-rc1, which contains the fix.

Affected Version(s)

LibreChat >= 0.8.2-rc2, < 0.8.3-rc1

CVSS V3.1

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Score: 7.7
Severity: HIGH
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Timeline

  • Vulnerability reserved

  • Vulnerability published: 27 March 2026