CVE-2026-7844

EPSS 0.32%
Veröffentlicht 05.05.2026 16:16:19
Zuletzt bearbeitet 05.05.2026 19:06:58
Quelle cna@vuldb.com
CVE-Watchlists
Login
Unerledigt
Login

chatchat-space Langchain-Chatchat Compatible File Service openai_routes.py delete_file missing authentication

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File Service. The manipulation results in missing authentication. The attacker must have access to the local network to execute the attack. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 2 Referenzen 9

CNA 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch das CVE Programm von einer CVE Numbering Authority (CNA) (Unstrukturiert).

Herstellerchatchat-space

≫

Produkt Langchain-Chatchat

Version 0.3.1.0

Status affected

Version 0.3.1.1

Status affected

Version 0.3.1.2

Status affected

Version 0.3.1.3

Status affected

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.32%	0.237

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
cna@vuldb.com	6.3	2.8	3.4	CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
cna@vuldb.com	2.1	0	0	CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
cna@vuldb.com	5.8	6.5	6.4	AV:A/AC:L/Au:N/C:P/I:P/A:P

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

CWE-306 Missing Authentication for Critical Function

The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.

https://github.com/3em0/cve_repo/blob/main/Langchain-Chatchat/Vuln-4-Missing-Auth-File-Endpoints.md

https://github.com/chatchat-space/Langchain-Chatchat/

https://github.com/chatchat-space/Langchain-Chatchat/issues/5465

https://vuldb.com/submit/807790

https://vuldb.com/vuln/361123

https://vuldb.com/vuln/361123/cti

https://nvd.nist.gov/vuln/detail/CVE-2026-7844

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2026-7844

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2026-7844

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2026-7844