Server-side Vulnerability in LibreChat by Danny Avila
CVE-2026-32625

9.6 CRITICAL

Key Information:

Status:
Vendor:
CVE Published: 2 June 2026

What is CVE-2026-32625?

LibreChat, a versatile ChatGPT clone developed by Danny Avila, has a vulnerability in its Model Context Protocol (MCP) server integration. In versions up to and including 0.8.3, the application mistakenly resolves ${VAR} placeholders against the server's environment variables during Zod schema validation of user-supplied MCP server URLs. This flaw allows an authenticated user to craft a malicious MCP server configuration that makes the server connect to an attacker-controlled domain. The implications are severe, because the expanded values can expose sensitive secrets such as CREDS_KEY, CREDS_IV, JWT_SECRET, and MONGO_URI. Users of affected versions are strongly advised to upgrade to version 0.8.4-rc1, where this vulnerability has been addressed.
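The bug class described above, as an added illustration (hypothetical plain-JavaScript code, not LibreChat's own, with a simple string-replace standing in for the Zod transform): environment placeholder expansion is appropriate for operator-owned configuration, but a user-supplied MCP URL must be validated as a literal string and never expanded.

```javascript
// Hypothetical illustration of the bug class in the advisory (not LibreChat's code):
// ${VAR} expansion is fine for operator-owned config, but must never run on
// values an end user types in, such as an MCP server URL.

const PLACEHOLDER_SRC = '\\$\\{([A-Za-z_][A-Za-z0-9_]*)\\}';
const PLACEHOLDER_ANY = new RegExp(PLACEHOLDER_SRC);      // for .test()
const PLACEHOLDER_ALL = new RegExp(PLACEHOLDER_SRC, 'g'); // for .replace()/matchAll()

// Operator-config path: ${VAR} is filled from the environment; unknown names are left as-is.
function expandEnvPlaceholders(value, env = process.env) {
  return value.replace(PLACEHOLDER_ALL, (match, name) =>
    Object.prototype.hasOwnProperty.call(env, name) ? env[name] : match);
}

// Vulnerable shape: the same expansion applied to a user-supplied URL, so a
// placeholder in the URL is filled from the server's environment before the
// connection is attempted (stand-in for the Zod transform the advisory describes).
function vulnerableMcpUrl(userUrl, env = process.env) {
  return expandEnvPlaceholders(userUrl, env);
}

// Hardened shape: a user-supplied URL is treated as a literal string. Placeholder
// syntax is rejected rather than expanded, and the scheme is pinned to http(s).
function validateUserMcpUrl(userUrl) {
  if (typeof userUrl !== 'string') return { ok: false, reason: 'not a string' };
  if (PLACEHOLDER_ANY.test(userUrl)) {
    return { ok: false, reason: 'placeholder syntax is not allowed in user-supplied URLs' };
  }
  let parsed;
  try {
    parsed = new URL(userUrl);
  } catch {
    return { ok: false, reason: 'malformed URL' };
  }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') {
    return { ok: false, reason: `scheme ${parsed.protocol} is not allowed` };
  }
  return { ok: true, url: parsed.href };
}

// Defender helper: list the environment names a stored value references, for
// auditing existing user-created MCP entries after upgrading.
function placeholderNames(value) {
  return Array.from(value.matchAll(PLACEHOLDER_ALL), (m) => m[1]);
}

// Constructed demo environment; the variable names are those the advisory lists as exposed.
const demoEnv = { JWT_SECRET: 'constructed-demo-secret', MONGO_URI: 'mongodb://demo-host/db' };
```

Running `placeholderNames` over stored MCP server entries is a quick way to find configurations that relied on the expansion before the upgrade.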

Affected Version(s)

LibreChat < 0.8.4-rc1

CVSS V3.1

Score: 9.6
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
