SB2026042783 - Multiple vulnerabilities in LibreChat



SB2026042783 - Multiple vulnerabilities in LibreChat

Published: April 27, 2026

Security Bulletin ID SB2026042783
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 4
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

Medium 25% Low 75%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 4 vulnerabilities.


1) Input validation error (CVE-ID: CVE-2026-22252)

CWE-ID: CWE-20 - Improper input validation

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to execute arbitrary shell commands as root inside the container.

The vulnerability exists due to improper input validation in the MCP stdio transport when handling crafted API requests for MCP server creation. A remote privileged user can send a specially crafted HTTP request with an arbitrary command to execute arbitrary shell commands as root inside the container.

The issue works on the default installation and is triggered during MCP server creation during inspection.


2) Missing Authorization (CVE-ID: CVE-2025-69221)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to disclose sensitive information.

The vulnerability exists due to missing authorization in the agent permission query endpoint when querying agent permissions by agent ID. A remote user can send a crafted request for an arbitrary agent ID to disclose sensitive information.

The exposed data can include individually assigned permissions for other users, and exploitation requires knowledge of the target agent ID.


3) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2025-69222)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:L/SC:L/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to interact with arbitrary third-party HTTP services and access internal services.

The vulnerability exists due to server-side request forgery in the Actions feature when processing user-supplied OpenAPI specifications in the default configuration. A remote user can define crafted action specifications and send requests to arbitrary HTTP services to interact with arbitrary third-party HTTP services and access internal services.

In the default Docker Compose setup, this can expose the internal RAG API and allow requests with arbitrary HTTP methods, parameters, and headers.


4) Missing Authorization (CVE-ID: CVE-2025-69220)

CWE-ID: CWE-862 - Missing Authorization

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:N/VC:N/VI:H/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear


The vulnerability allows a remote user to modify arbitrary agents.

The vulnerability exists due to missing authorization in the agent file upload functionality when uploading files to an agent's file context or file search. A remote user can upload a file for an agent they do not have permission to edit to modify arbitrary agents.

Exploitation requires knowledge of the target agent ID.


Remediation

Install update from vendor's website.