{"data":{"id":"e6835d8a-86c9-4cbf-99d0-45d244aef572","title":"CVE-2026-31942: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an In","summary":"LibreChat, a ChatGPT-like application that supports multiple AI providers, has an IDOR vulnerability (insecure direct object reference: an attacker can access or modify resources that belong to other users) in its API key management system in versions up to and including 0.7.6. An authenticated attacker can inject a userId parameter to overwrite another user's API keys, potentially stealing that user's API key configurations or blocking their service.","solution":"This vulnerability is patched in version 0.8.3-rc1.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-31942","publishedAt":"2026-06-02T23:16:35.687Z","cveId":"CVE-2026-31942","cweIds":["CWE-862"],"cvssScore":"7.1","cvssSeverity":"high","severity":"high","attackType":["data_extraction"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["OpenAI","Anthropic"],"affectedVendorsRaw":["LibreChat","OpenAI","Anthropic","Azure"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-02T23:16:35.687Z","capecIds":["CAPEC-122"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["confidentiality","integrity","availability"],"aiComponentTargeted":"api","llmSpecific":true,"classifierConfidence":0.95,"researchCategory":null,"atlasIds":null}}