CNNVD-202601-1155 Information
CNNVD ID
CNNVD-202601-1155
Related CVE
- CNNVD Published: 2026-01-07
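Description (translated from Chinese)
LibreChat is a free, highly customizable unified AI conversation platform, open-sourced by LibreChat, that can aggregate and run large models from any vendor in a single interface. LibreChat version 0.8.1-rc2 has a security vulnerability caused by improper access control on file uploads, which may allow the behavior of arbitrary agents to be modified.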
Description (English)
LibreChat is a free, highly customizable, open-source unified AI chat platform from LibreChat that aggregates and runs large models from any vendor in one interface. LibreChat version 0.8.1-rc2 contains a security vulnerability that stems from improper access control over file uploads and may allow arbitrary agent behavior to be modified.
Hazard Level
Medium
Vulnerability Type
Other
Affected Vendor
LibreChat
Published
2026-01-07
Last Modified
2026-02-24
References
https://cwe.mitre.org/data/definitions/284.html
https://cwe.mitre.org/data/definitions/862.html
https://github.com/danny-avila/LibreChat/commit/4b9c6ab1cb9de626736de700c7981f38be08d237
https://github.com/danny-avila/LibreChat/releases/tag/v0.8.2-rc2
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-xcmf-rpmh-hg59
https://owasp.org/Top10/A01_2021-Broken_Access_Control
https://owasp.org/www-project-web-security-testing-guide/v42/4-Web_Application_Security_Testing/05-Authorization_Testing/02-Testing_for_Bypassing_Authorization_Schema.html
https://raw.githubusercontent.com/OWASP/ASVS/v5.0.0/5.0/OWASP_Application_Security_Verification_Standard_5.0.0_en.pdf
Patch
https://github.com/danny-avila/LibreChat/releases