AI Sec Watch: A Security Intelligence Platform for AI Systems

Luu, T.J.

CVE-2026-31944: LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, The MCP (Model Context Protocol) OAuth c

highvulnerability

security

Source: NVD/CVE DatabaseMarch 13, 2026CVE-2026-31944

Summary

LibreChat versions 0.8.2 to 0.8.2-rc3 have a security flaw in the MCP (Model Context Protocol, a system for connecting AI models to external services) OAuth callback endpoint that fails to verify the user's identity. An attacker can trick a victim into completing an authorization flow, which stores the victim's OAuth tokens (credentials that grant access to services) on the attacker's account, allowing the attacker to take over the victim's connected services like Atlassian or Outlook.

Solution / Mitigation

Update to LibreChat version 0.8.3-rc1, where this vulnerability is fixed.

Vulnerability Details

CVSS Score

7.6(high)

EPSS (30-day exploit probability)

EPSS: 0.0%

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N

Attack Vector

network

Attack Complexity

low

Privileges Required

low

User Interaction

required

Disclosure Date

March 13, 2026

Classification

Attack Type

Other

Attack SophisticationModerate

Impact (CIA+S)

integrityconfidentiality

Taxonomy References

CWE (Weakness Type)

CWE-306

CAPEC (Attack Pattern)

CAPEC-115

MITRE ATLAS (AI/ML Threat Technique)

AML.T0010

Affected Vendors

Related Issues

high

CVE-2022-21727: Tensorflow is an Open Source Machine Learning Framework. The implementation of shape inference for `Dequantize` is vulne

Similar attackNVD/CVE Database

critical

CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbi

First tracked: March 13, 2026 at 04:07 PM

Classified by LLM (prompt v3) · confidence: 85%