SB2026042788 - Server-Side Request Forgery (SSRF) in LibreChat



SB2026042788 - Server-Side Request Forgery (SSRF) in LibreChat

Published: April 27, 2026

Security Bulletin ID SB2026042788
CSH Severity
Medium
Patch available
YES
Number of vulnerabilities 1
Exploitation vector Remote access
Highest impact Data manipulation

Breakdown by Severity

Medium 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 1 vulnerability.


1) Server-Side Request Forgery (SSRF) (CVE-ID: CVE-2026-31943)

CWE-ID: CWE-918 - Server-Side Request Forgery (SSRF)

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N/E:U/U:Green


The vulnerability allows a remote user to make the server issue HTTP requests to internal network resources and disclose sensitive information.

The vulnerability exists due to server-side request forgery in isPrivateIP() in packages/api/src/auth/domain.ts when processing IPv4-mapped IPv6 addresses in hex-normalized form. A remote user can supply a specially crafted domain value to make the server issue HTTP requests to internal network resources and disclose sensitive information.

Exploitation requires permission to create or execute agent actions, and affected call sites include action creation, action execution, and MCP server connections.


Remediation

Install update from vendor's website.