{"data":{"id":"e3c66468-bebc-4163-88ab-29d8da12ba80","title":"CVE-2026-54030: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implem","summary":"LibreChat, a ChatGPT-like application that works with multiple AI providers, has a vulnerability in versions before 0.8.5: it fails to validate the resource parameter from OAuth metadata (OAuth is a system for securely sharing access between applications), allowing a malicious server to steal access tokens meant for legitimate servers. This is an origin validation error (CWE-346, where the system fails to check that data comes from the expected source).","solution":"Update LibreChat to version 0.8.5 or later, which fixes this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54030","publishedAt":"2026-06-25T17:16:40.660Z","cveId":"CVE-2026-54030","cweIds":["CWE-346"],"cvssScore":"8","cvssSeverity":"high","severity":"high","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N","attackVector":"network","attackComplexity":"high","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:40.660Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["confidentiality","integrity"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0010"]}}