CNNVD-202601-1819 Information

CNNVD ID

CNNVD-202601-1819

CVE-2026-22252

  • CNNVD Published: 2026-01-12

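Description (translated from the Chinese original)

LibreChat is a free, highly customizable, unified AI conversation platform, open-sourced by LibreChat, that aggregates and runs large models from any vendor in a single interface. Versions of LibreChat before v0.8.2-rc2 contain an authorization vulnerability. It stems from the MCP stdio transport accepting arbitrary commands without validation, which may allow any authenticated user to execute shell commands as root inside the container through a single API request.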

Description (English)

LibreChat is a free, highly customizable, unified AI chat platform from the LibreChat open-source project that can aggregate and run large models from any vendor in one interface. LibreChat versions prior to v0.8.2-rc2 have an authorization flaw: the MCP stdio transport accepts arbitrary commands and does not validate them, so any authenticated user could execute shell commands as root inside the container with a single API request.

Hazard Level

Low

Vulnerability Type

Authorization issue

Affected Vendor

LibreChat

Published

2026-01-12

Last Modified

2026-02-24

References

https://github.com/danny-avila/LibreChat/commit/211b39f3113d4e6ecab84be0a83f4e9c9dea127f

https://github.com/danny-avila/LibreChat/security/advisories/GHSA-cxhj-j78r-p88f

Patch

https://github.com/danny-avila/LibreChat/tags
