CVE-2025-66201: LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-sid
highvulnerability
LibreChat, a ChatGPT alternative with extra features, had a vulnerability in versions before 0.8.1-rc2 where an authenticated user could exploit the "Actions" feature by uploading malicious OpenAPI specs (interface documents that describe how to connect to external services) to perform SSRF (server-side request forgery, where the server itself is tricked into accessing restricted URLs on the attacker's behalf). This could allow attackers to reach sensitive services like cloud metadata endpoints that are normally hidden from regular users.
Update LibreChat to version 0.8.1-rc2 or later, where this issue has been patched.
8.1(high)
EPSS: 0.1%
Anthropic accuses Chinese AI labs of mining Claude as US debates AI chip exports
CVE-2026-26190: Milvus is an open-source vector database built for generative AI applications. Prior to 2.5.27 and 2.6.10, Milvus expose
CVE-2025-14927: Hugging Face Transformers SEW-D convert_config Code Injection Remote Code Execution Vulnerability. This vulnerability al
CVE-2025-59828: Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.
CVE-2023-46302: Apache Software Foundation Apache Submarine has a bug when serializing against yaml. The bug is caused by snakeyaml htt
Original source: https://nvd.nist.gov/vuln/detail/CVE-2025-66201
First tracked: February 15, 2026 at 08:50 PM
Classified by LLM (prompt v3) · confidence: 92%