{"data":{"id":"fcbd1559-756c-4e12-b8c2-bba41a4e9c45","title":"CVE-2026-54024: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-111","summary":"LibreChat is a ChatGPT-like application that works with multiple AI providers. Before version 0.8.4-rc1, a file upload endpoint called POST /api/convos/import didn't have proper file size restrictions, allowing logged-in users to upload very large files that could fill up a server's storage and memory. A previous security fix added size limits to other file uploads but missed this endpoint.","solution":"Upgrade to LibreChat version 0.8.4-rc1 or later, which fixes this vulnerability.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-54024","publishedAt":"2026-06-25T17:16:40.153Z","cveId":"CVE-2026-54024","cweIds":["CWE-770"],"cvssScore":"6.5","cvssSeverity":"medium","severity":"medium","attackType":["denial_of_service"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":["LangChain"],"affectedVendorsRaw":["LibreChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"low","userInteraction":"none","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-06-25T17:16:40.153Z","capecIds":["CAPEC-130"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["availability"],"aiComponentTargeted":"api","llmSpecific":false,"classifierConfidence":0.85,"researchCategory":null,"atlasIds":null}}