What is the CVSS score of CVE-2024-11169?

CVE-2024-11169 has a CVSS 3.0 base score of 7.5 (High). CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. EPSS exploitation probability: 0.8%.

Which versions of Librechat are affected by CVE-2024-11169?

Organizations using danny-avila/librechat face notable risk from CVE-2024-11169 rated CVSS 7.5. Exploitation could compromise the security of affected deployments.. A patch is available.

Is there a public PoC exploit available for CVE-2024-11169?

Yes, a public proof-of-concept exploit is available for CVE-2024-11169. Prioritise patching immediately. EPSS: 0.8%.

How to fix or mitigate CVE-2024-11169?

Within 30 days: Identify all affected systems running danny-avila/librechat and apply vendor patches as part of regular patch cycle. Vendor patch is available.

Librechat CVE-2024-11169

HIGH

Misinterpretation of Input (CWE-115)

2025-03-20 security@huntr.dev

Denial Of Service Librechat

7.5

CVSS 3.0

CVSS VectorNVD

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 28, 2026 - 18:32 vuln.today

Patch released

Mar 28, 2026 - 18:32 nvd

Patch available

PoC Detected

Jul 15, 2025 - 16:45 vuln.today

Public exploit code

CVE Published

Mar 20, 2025 - 10:15 nvd

HIGH 7.5

DescriptionNVD

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6.

AnalysisAI

An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Technical ContextAI

This vulnerability is classified under CWE-115. An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6. Affected products include: Librechat. Version information: version 3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2024-11169 vulnerability details – vuln.today

Back

Librechat CVE-2024-11169

CVSS VectorNVD

Lifecycle Timeline

DescriptionNVD

AnalysisAI

Technical ContextAI

RemediationAI

Share

External POC / Exploit Code