CVE-2026-54027

Exploit

EPSS 0.2%
Veröffentlicht 25.06.2026 15:52:02
Zuletzt bearbeitet 26.06.2026 19:02:55
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 4

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Librechat ≫ Librechat Version <= 0.8.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.2%	0.094

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

https://github.com/danny-avila/LibreChat/security/advisories/GHSA-c55r-p24w-hcj5

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2026-54027

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-54027

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-54027

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-54027