AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-31950: LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoi

mediumvulnerabilityLLM-Specific

security

Source: NVD/CVE DatabaseMarch 27, 2026CVE-2026-31950

Summary

LibreChat (a ChatGPT alternative with extra features) versions 0.8.2-rc2 through 0.8.2-rc3 have a security flaw in the SSE streaming endpoint (a real-time data connection) at `/api/agents/chat/stream/:streamId` that fails to check if a user actually owns a chat stream. This means any logged-in user can guess or obtain another user's stream ID and read their live conversations, including messages and AI responses, without permission.

Solution / Mitigation

Version 0.8.2 patches the issue.

Vulnerability Details

CVSS Score

5.3(medium)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

network

Attack Complexity

high

Privileges Required

low

User Interaction

none

Disclosure Date

March 27, 2026

Classification

Attack Type

Other

Attack SophisticationTrivial

Impact (CIA+S)

confidentiality

AI Component TargetedAPI

Taxonomy References

CWE (Weakness Type)

CWE-284

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

high

GHSA-w3hv-x4fp-6h6j: @grackle-ai/server has Missing WebSocket Origin Header Validation

First tracked: March 28, 2026 at 02:07 AM

Classified by LLM (prompt v3) · confidence: 85%