CVE-2026-7844: A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function
Summary
A vulnerability in Langchain-Chatchat (a chatbot framework) up to version 0.3.1.3 allows attackers on the same local network to access file operations without authentication (missing authentication, meaning no login check). The vulnerability affects file-related functions like listing, retrieving, and deleting files, and the exploit code is now publicly available.
Vulnerability Details
6.3(medium)
EPSS: 0.0%
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
adjacent
low
none
none
May 5, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7844
First tracked: May 5, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 85%