By vendor
Librechat vulnerabilities
Known CVEs affecting Librechat products, prioritized by severity, with SEC.co remediation and detection guidance.
1 published vulnerability
- CVE-2026-31942HIGH 7.1
LibreChat versions up to 0.7.6 contain a critical flaw in how API keys are managed. Any authenticated user can manipulate API key settings for other users by injecting parameters into requests, allowing them to replace legitimate API keys (from providers like OpenAI, Anthropic, or Azure) with their own or invalid ones. This means an attacker could intercept conversations through attacker-controlled API endpoints or disable a victim's service entirely.