{"data":{"id":"058dcd7f-2c10-4687-8b18-474b656f32e1","title":"CVE-2026-31949: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exist","summary":"LibreChat, a ChatGPT alternative with extra features, has a vulnerability in versions before 0.8.3-rc1 where an authenticated attacker can crash the server by sending malformed requests to a specific endpoint. The bug occurs because the code tries to extract data from a request without checking if it exists first, causing an unhandled error (a TypeError, which is a type of programming mistake) that shuts down the entire Node.js server process.","solution":"Update LibreChat to version 0.8.3-rc1 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31949","publishedAt":"2026-03-13T19:54:39.753Z","cveId":"CVE-2026-31949","cweIds":["CWE-248"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-03-13T19:54:39.753Z","capecIds":null,"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}