CVE-2026-7845: A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.toby
Summary
A vulnerability (CVE-2026-7845) was discovered in Langchain-Chatchat version 0.3.1.3 and earlier, affecting a function that handles pasting images in the chat interface. An attacker on the same local network could exploit this flaw by manipulating image data to cause weak cryptographic hashing (weak hash, a security measure that's easy to break), though the attack is difficult to execute and requires significant technical skill.
Vulnerability Details
2.6(low)
EPSS: 0.0%
CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N
adjacent
high
low
none
May 5, 2026
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-7845
First tracked: May 5, 2026 at 02:09 PM
Classified by LLM (prompt v3) · confidence: 72%