CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Librechat: >> Librechat >> 0.8.2 Security Vulnerabilities

CVE-2026-22252

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.

CVSS Score

9.1

EPSS Score

0.0

Published

2026-01-12

Page 1

Vulnerabilities

Vulnerable Software

Librechat: >> Librechat >> 0.8.2 Security Vulnerabilities

Products

Pricing

Contact Us