CNNVD-202601-1154 Information

CNNVD ID

CNNVD-202601-1154

CVE-2025-69221

  • CNNVD Published: 2026-01-07

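Description (translated from Chinese)

LibreChat is a free, highly customizable unified AI chat platform, open-sourced by LibreChat, that can aggregate and run large models from any vendor in a single interface. LibreChat version 0.8.1-rc2 contains a security vulnerability that stems from improper access control when querying agent permissions, which may lead to the disclosure of permission information for arbitrary agents.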

Description (English)

LibreChat is a free, highly customizable unified AI chat platform, open-sourced by LibreChat, that can aggregate and run large models from any vendor in one interface. LibreChat version 0.8.1-rc2 contains a security vulnerability that stems from improper access control when querying agent permissions, which may lead to the disclosure of permission information for arbitrary agents.

Hazard Level

High

Vulnerability Type

Other

Affected Vendor

LibreChat

Published

2026-01-07

Last Modified

2026-02-24

References

  • https://github.com/danny-avila/LibreChat/commit/06ba025bd95574c815ac6968454be7d3b024391c
  • https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2
  • https://github.com/danny-avila/LibreChat/security/advisories/GHSA-5ccx-4r3h-9qc7

Patch

https://github.com/danny-avila/LibreChat/releases
