CVE-2026-44653: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, users
Summary
LibreChat, a ChatGPT-like application supporting multiple AI providers, has a vulnerability in versions up to 0.8.3 where users with limited VIEW access can retrieve encrypted admin passwords and API keys through specific API endpoints, exposing credentials that should remain secret. This happens because the API returns plaintext sensitive values instead of hiding them from non-admin users.
Solution / Mitigation
Version 0.8.4 contains a patch. The source also recommends these additional approaches: never return decrypted admin-managed secrets to non-owners; redact apiKey.key and oauth.client_secret from all API responses; consider returning only boolean presence indicators for secrets (true/false flags showing whether a secret exists, similar to the auth-values route pattern); and if owners need to edit configs without re-entering secrets, preserve secrets server-side and return placeholders instead of plaintext values.
Vulnerability Details
6.5(medium)
EPSS: 0.0%
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
network
low
low
none
June 2, 2026
Classification
Taxonomy References
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2026-44653
First tracked: June 2, 2026 at 08:09 PM
Classified by LLM (prompt v3) · confidence: 85%