{"data":{"id":"fa8120c5-ed4f-4f4b-b451-6b0eea2fe15e","title":"CVE-2026-54025: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability","summary":"LibreChat, a ChatGPT-like application that works with multiple AI providers, has a cross-site scripting (XSS, CWE-79) vulnerability in how it renders formatted text (markdown) in versions before 0.8.4-rc1. The marked library fails to properly escape special characters in image descriptions, allowing an attacker to embed malicious script in those descriptions. When a user views the rendered markdown, the embedded script executes in that user's browser without their consent. Per the CVSS vector, the attacker needs a low-privileged account and the victim must interact with the content.","solution":"This vulnerability is fixed in version 0.8.4-rc1. Users should upgrade LibreChat to this version or later.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54025","publishedAt":"2026-06-25T17:16:40.277Z","cveId":"CVE-2026-54025","cweIds":["CWE-79"],"cvssScore":"5.4","cvssSeverity":"medium","severity":"medium","attackType":["jailbreak"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:40.277Z","capecIds":["CAPEC-198","CAPEC-86"],"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","confidentiality"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":["AML.T0054"]}}