
CVE-2026-44654

8.1 HIGH

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers

Published: 2026-06-02 · Last updated: 2026-06-04

Severity and scoring

CVSS: 8.1 HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
CWE: CWE-863

Affected products

Vendor: librechat
Product: librechat

Description

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally — not just from the shared agent — breaking the owner's other private agents that reference the same `file_id`. The private agent retains a stale `file_id` reference that no longer resolves. A shared-agent editor can destroy files that the owner uses across multiple agents. The owner's private agents — which the attacker has no access to — break silently with stale `file_id` references. This is a cross-agent integrity violation: editing access to one agent should not affect another. Version 0.8.4 contains a patch.
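The defect described above is an authorization-scope error (CWE-863): edit rights on one agent were treated as delete rights on a file record that other agents also reference. The following is an added example, not LibreChat's code, that models the flaw and a fix in a small in-memory store. Everything here (the `store` shape, the `editors` set, the `deleteFileVulnerable`, `deleteFileHardened` and `findStaleReferences` helpers, the user and agent names) is an assumption for illustration; the only identifier taken from the advisory is `file_id`. The hardened path lets only the file owner delete the record and lets a shared-agent editor merely detach the file from the agent they can edit, so other agents keep a resolvable reference; the audit helper reports the stale `file_id` references that the vulnerable path leaves behind.

```javascript
// Added example (not LibreChat's code). Minimal in-memory model of the
// CVE-2026-44654 authorization flaw and a hardened replacement.
// All names below are illustrative assumptions.

// Constructed sample state: alice owns one file reused by two of her agents;
// bob has edit access only to "shared-agent".
function makeStore() {
  return {
    files: new Map([['file-1', { owner: 'alice', blob: 'contents' }]]),
    agents: new Map([
      ['shared-agent', { owner: 'alice', editors: new Set(['bob']), file_ids: ['file-1'] }],
      ['private-agent', { owner: 'alice', editors: new Set(), file_ids: ['file-1'] }],
    ]),
  };
}

function canEditAgent(store, user, agentId) {
  const agent = store.agents.get(agentId);
  return !!agent && (agent.owner === user || agent.editors.has(user));
}

// VULNERABLE pattern: edit access to any agent that references the file is
// accepted as permission to delete the file record globally. The record is
// gone, but every agent still carries the now-dangling file_id.
function deleteFileVulnerable(store, user, fileId) {
  const referencing = [...store.agents.keys()]
    .filter((id) => store.agents.get(id).file_ids.includes(fileId));
  if (!referencing.some((id) => canEditAgent(store, user, id))) {
    return { ok: false, reason: 'forbidden' };
  }
  store.files.delete(fileId); // global delete; no agent is updated
  return { ok: true, deleted: true };
}

// HARDENED pattern: the delete is scoped to one agent. The file owner may
// delete the record (and every reference is cleaned up); any other caller who
// can edit the named agent may only detach the file from that agent.
function deleteFileHardened(store, user, fileId, agentId) {
  const file = store.files.get(fileId);
  if (!file) return { ok: false, reason: 'not_found' };

  if (file.owner === user) {
    store.files.delete(fileId);
    for (const agent of store.agents.values()) {
      agent.file_ids = agent.file_ids.filter((id) => id !== fileId);
    }
    return { ok: true, deleted: true };
  }

  if (!canEditAgent(store, user, agentId)) return { ok: false, reason: 'forbidden' };
  const agent = store.agents.get(agentId);
  if (!agent.file_ids.includes(fileId)) return { ok: false, reason: 'not_attached' };
  agent.file_ids = agent.file_ids.filter((id) => id !== fileId);
  return { ok: true, deleted: false, detached: agentId };
}

// Audit helper: report agents whose file_ids no longer resolve to a record.
// Running this over existing data is one way to find damage already done.
function findStaleReferences(store) {
  const stale = [];
  for (const [agentId, agent] of store.agents) {
    for (const fid of agent.file_ids) {
      if (!store.files.has(fid)) stale.push({ agentId, file_id: fid });
    }
  }
  return stale;
}

// Side-by-side run: editor "bob" acts on the shared agent under both paths.
function demonstrate() {
  const vulnerable = makeStore();
  deleteFileVulnerable(vulnerable, 'bob', 'file-1');
  const hardened = makeStore();
  deleteFileHardened(hardened, 'bob', 'file-1', 'shared-agent');
  return {
    vulnerableStale: findStaleReferences(vulnerable).length, // 2
    hardenedStale: findStaleReferences(hardened).length,     // 0
    hardenedFileSurvives: hardened.files.has('file-1'),      // true
  };
}
```

The key design choice is that the request names the agent being edited, and the check is made against that agent rather than against "any agent the caller can edit"; deletion of the shared record stays an owner-only operation.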

Source: NVD

References

Related CVEs

Same vendor

  • CVE-2026-44653 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (6.5 MEDIUM)
  • CVE-2026-32625 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (9.6 CRITICAL)
  • CVE-2026-31942 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers (7.1 HIGH)
  • CVE-2026-4276 LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries (7.5 HIGH)

Same CWE

  • CVE-2026-49219 ImageMagick is free and open-source software used for editing and manipulating digital images (5.5 MEDIUM)
  • CVE-2026-53738 Copy & Delete Posts through 1.5.4 lets any plugin-enabled non-admin role invoke every operation in the cdp_action_handling AJAX handler (8.1 HIGH)
  • CVE-2026-49824 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (8.5 HIGH)
  • CVE-2026-49823 Fission is an open-source, Kubernetes-native serverless framework that simplifies the deployment of functions and applications on Kubernetes (7.7 HIGH)
  • CVE-2026-48860 Reliance on IP Address for Authentication vulnerability in Erlang/OTP ssl (inet_tls_dist module) allows unauthenticated bypass of the dis...