Librechat: >> Librechat Security Vulnerabilities
In version 0.7.5 of danny-avila/LibreChat, there is an improper access control vulnerability. Users can share, use, and create prompts without being granted permission by the admin. This can break application logic and permissions, allowing unauthorized actions.
CVSS Score
5.4
EPSS Score
0.0
Published
2025-03-20
An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat version v0.7.5-rc2. The endpoint does not verify whether the provided attachment ID belongs to the current user, allowing any authenticated user to delete attachments of other users.
CVSS Score
7.6
EPSS Score
0.0
Published
2025-03-20
LibreChat through 0.7.4-rc1 has incorrect access control for message updates.
CVSS Score
9.8
EPSS Score
0.001
Published
2024-07-22
LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.
CVSS Score
9.8
EPSS Score
0.002
Published
2024-07-22
Page 2