CVE-2026-32625
9.6 CRITICAL · LibreChat is an enhanced ChatGPT clone that supports multiple AI providers
Published: 2026-06-02 · Last updated: 2026-06-04
Severity and scoring
- CVSS: 9.6 CRITICAL
- Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
- CWE: CWE-200
Affected products
| Vendor | Product |
|---|---|
| librechat | librechat |
Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) server integration resolves ${VAR} placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any authenticated user can create a malicious MCP server configuration with a URL pointing to an attacker-controlled domain containing environment variable references, causing the LibreChat server to connect to the attacker's server and transmit critical secrets such as CREDS_KEY, CREDS_IV, JWT_SECRET, and MONGO_URI in the request URL. This enables full compromise of the installation's cryptographic materials and database credentials without requiring administrative privileges. This is patched in version 0.8.4-rc1.
Source: NVD
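As an added example (not LibreChat's own code), the placeholder-expansion pattern the description refers to, beside a hardened variant that never expands placeholders in user-supplied MCP server URLs and only expands allowlisted, non-secret names in operator-controlled configuration. All function, variable and environment names below are illustrative.

```javascript
// Added illustration of the pattern in the advisory; not LibreChat code.
const PLACEHOLDER = /\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g;

// Unsafe pattern: expands every ${VAR} against the process environment,
// regardless of who supplied the string. Applied to a user-supplied URL,
// the URL becomes a carrier for whatever the server holds in its env.
function expandEnvUnsafe(value, env) {
  return value.replace(PLACEHOLDER, (_, name) => env[name] ?? '');
}

// Hardened: expansion happens only for operator-controlled config, and
// only for an explicit allowlist of non-secret names (illustrative list).
const ALLOWED_CONFIG_VARS = new Set(['MCP_BASE_HOST', 'MCP_PORT']);

function expandOperatorConfig(value, env) {
  return value.replace(PLACEHOLDER, (match, name) => {
    if (!ALLOWED_CONFIG_VARS.has(name)) {
      throw new Error(`placeholder ${match} is not permitted in operator config`);
    }
    return env[name] ?? match;
  });
}

// User-supplied MCP server URLs get no expansion at all: any placeholder
// syntax is rejected before the value is even parsed as a URL, so the
// server never substitutes secrets into a destination chosen by the user.
function validateUserMcpUrl(input) {
  const names = [...input.matchAll(PLACEHOLDER)].map((m) => m[1]);
  if (names.length > 0) {
    return { ok: false, reason: `placeholder reference to ${names.join(', ')}` };
  }
  let url;
  try {
    url = new URL(input);
  } catch {
    return { ok: false, reason: 'not a valid URL' };
  }
  if (url.protocol !== 'https:') {
    return { ok: false, reason: 'only https is permitted' };
  }
  return { ok: true, url: url.href };
}

module.exports = { expandEnvUnsafe, expandOperatorConfig, validateUserMcpUrl };
```

A useful detection check is the same regex run over stored MCP server configurations: any `${...}` reference in a user-created entry indicates the pattern this advisory describes.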
Related CVEs
Same vendor
- CVE-2026-44654 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (8.1 HIGH)
- CVE-2026-44653 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (6.5 MEDIUM)
- CVE-2026-31942 — LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (7.1 HIGH)
- CVE-2026-4276 — LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries (7.5 HIGH)
Same CWE
- CVE-2026-49219 — ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
- CVE-2026-47165 — ImageMagick is free and open-source software used for editing and manipulating digital images (4.1 MEDIUM)
- CVE-2026-48855 — Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Erlang OTP ssh (ssh_sftpd module) allows File Discovery
- CVE-2026-45329 — ESP-IDF is the Espressif Internet of Things (IOT) Development Framework (7.1 HIGH)
- CVE-2026-36719 — An information disclosure vulnerability in the /api/v1/user/info endpoint of AgentChat v2.3.0 allows unauthenticated attackers to obtain ... (7.5 HIGH)