{"data":{"id":"25e990c8-e05e-438d-b25e-986ebc0deef9","title":"CVE-2026-54029: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages","summary":"LibreChat (a ChatGPT alternative that works with multiple AI services) has a vulnerability in versions before 0.8.4-rc1 where the message deletion API endpoint doesn't properly check ownership, allowing any logged-in user to permanently delete another user's messages by providing their own conversation ID along with someone else's message ID.","solution":"This vulnerability is fixed in version 0.8.4-rc1. Update LibreChat to 0.8.4-rc1 or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54029","publishedAt":"2026-06-25T17:16:40.537Z","cveId":"CVE-2026-54029","cweIds":["CWE-862"],"cvssScore":"5.3","cvssSeverity":"medium","severity":"medium","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:40.537Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}