{"data":{"id":"267e4022-bfc6-4f8e-836d-9ec2d94c96c4","title":"CVE-2026-54037: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-710","summary":"LibreChat, a tool that lets users chat with multiple AI providers, shipped an incomplete fix for an earlier vulnerability. The developers added rate limiters (controls that limit how many requests can be made in a short time) to the /fork endpoint to stop users from duplicating conversations too quickly, but did not add the same protection to the similar /duplicate endpoint, which performs the same resource-heavy database work. An authenticated user (someone with a valid login) could therefore send unthrottled requests to /duplicate instead of /fork and overwhelm the server.","solution":"This vulnerability is fixed in version 0.8.4-rc1.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54037","publishedAt":"2026-06-25T17:16:41.000Z","cveId":"CVE-2026-54037","cweIds":["CWE-770"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:41.000Z","capecIds":["CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}