{"data":{"id":"5b22a252-0ffb-43e1-bf5b-1785adb0e842","title":"CVE-2026-7846: A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the","summary":"A vulnerability (CVE-2026-7846) exists in Langchain-Chatchat versions up to 0.3.1.3 in the OpenAI-Compatible File Upload API. The flaw involves a time-of-check time-of-use bug (a race condition where a file is checked for safety, then modified before it's actually used), triggered by manipulating the file.filename argument, though it requires local network access and is difficult to exploit.","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-7846","publishedAt":"2026-05-05T16:16:19.577Z","cveId":"CVE-2026-7846","cweIds":["CWE-362","CWE-367"],"cvssScore":"2.6","cvssSeverity":"low","severity":"low","attackType":["other"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["Langchain-Chatchat","chatchat-space"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N","attackVector":"adjacent","attackComplexity":"high","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-05T16:16:19.577Z","capecIds":["CAPEC-26","CAPEC-27","CAPEC-29"],"crossRefCount":0,"attackSophistication":"advanced","impactType":["integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.75,"researchCategory":null,"atlasIds":null}}