SB2026042788 - Server-Side Request Forgery (SSRF) in LibreChat
Published: April 27, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 vulnerability.
1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-31943)
CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)
CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green
The vulnerability allows a remote user to make the server issue HTTP requests to internal network resources and disclose sensitive information.
The vulnerability exists due to server-side request forgery in isPrivateIP() in packages/api/src/auth/domain.ts when processing IPv4-mapped IPv6 addresses in hex-normalized form. A remote user can supply a specially crafted domain value to make the server issue HTTP requests to internal network resources and disclose sensitive information.
Exploitation requires permission to create or execute agent actions, and affected call sites include action creation, action execution, and MCP server connections.
Remediation
Install update from vendor's website.