CNNVD-202601-1141 Information
CNNVD ID
CNNVD-202601-1141
Related CVE
- CNNVD Published: 2026-01-07
Description (Chinese)
LibreChat是LibreChat开源的一个免费、高度可定制的统一 AI 对话平台,能够在一个界面中聚合并运行来自任意厂商的大模型。 LibreChat 0.8.1-rc2版本存在代码问题漏洞,该漏洞源于默认配置中Actions功能缺少限制,可能导致服务端请求伪造。
Description (English)
LibreChat is a free, highly customized UAI dialogue platform at the LibreChat open source that can aggregate and run large models from any manufacturer in one interface. LibreChat 0.8.1-rc2 has a code problem loophole, which stems from the lack of restrictions on the functionality of Actions in the default configuration and may lead to the forgery of service-level requests.
Hazard Level
Low
Vulnerability Type
代码问题
Affected Vendor
LibreChat
Published
2026-01-07
Last Modified
2026-02-24
References
https://github.com/danny-avila/LibreChat/commit/3b41e392ba5c0d603c1737d8582875e04eaa6e02 https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2 https://github.com/danny-avila/LibreChat/security/advisories/GHSA-rgjq-4q58-m3q8
Patch
https://github.com/danny-avila/LibreChat/releases
Share on: