CNNVD-202602-115 Information

CNNVD ID

CNNVD-202602-115

CVE-2025-7105

  • CNNVD Published: 2026-02-02

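Description (translated from Chinese)

LibreChat is a free, highly customizable, unified AI conversation platform, open-sourced by LibreChat, that can aggregate and run large models from any vendor in a single interface. LibreChat contains a resource management error vulnerability. It stems from the unrestricted fork function in /api/convos/fork, which can be abused to rapidly fork large amounts of content; when that content contains Mermaid diagrams with a large number of nodes, a denial of service can result.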

Description (English)

LibreChat is a free, highly customizable, unified AI conversation platform from the LibreChat open-source project that can aggregate and run large models from any vendor in one interface. LibreChat has a resource management error vulnerability that originates from the unrestricted fork function in /api/convos/fork, which can be misused to fork large amounts of content quickly and can trigger a denial of service when that content contains Mermaid diagrams with a large number of nodes.

Hazard Level

High

Vulnerability Type

Resource management error

Affected Vendor

LibreChat

Published

2026-02-02

Last Modified

2026-02-24

References

  • https://github.com/danny-avila/librechat/commit/97a99985fa339db0a21ad63604e0bb8db4442ffc
  • https://huntr.com/bounties/e44f0740-48bd-443b-8826-528e6afe9e34
  • https://access.redhat.com/security/cve/cve-2025-7105
