{"data":{"id":"1e086796-80dd-4f3e-9839-041ac5ffc2b8","title":"CVE-2026-54033: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users t","summary":"LibreChat, a ChatGPT-like tool that works with multiple AI providers, had a security flaw in versions before 0.8.4-rc1 where authenticated users could configure custom API endpoints without proper validation, potentially allowing them to access internal network addresses through SSRF (server-side request forgery, where a server is tricked into making requests to unintended targets).","solution":"Update LibreChat to version 0.8.4-rc1 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54033","publishedAt":"2026-06-25T17:16:40.783Z","cveId":"CVE-2026-54033","cweIds":["CWE-918"],"cvssScore":"7.7","cvssSeverity":"high","severity":"high","attackType":["rag_poisoning"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI"],"affectedVendorsRaw":["LibreChat","OpenAI"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:40.783Z","capecIds":["CAPEC-664"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0020","AML.T0051.001"]}}