CVE-2026-7847: A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_
Summary
A vulnerability was found in Langchain-Chatchat (a chatbot framework) up to version 0.3.1.3 in the file upload handler component. The vulnerability involves insufficiently random values (meaning the system doesn't generate unpredictable numbers properly), which could be exploited by someone on the same local network, though the attack is difficult to carry out.
Vulnerability Details
2.6(low)
EPSS: 0.0%
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
adjacent
high
low
none
May 5, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7847
First tracked: May 5, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 75%