Skip to main content

LibreChat CVE-2026-54024

| EUVDEUVD-2026-39464 MEDIUM
Allocation of Resources Without Limits or Throttling (CWE-770)
2026-06-25 GitHub_M
6.5
CVSS 3.1 · Vendor: GitHub_M
Share

Severity by source

Vendor (GitHub_M) PRIMARY
6.5 MEDIUM
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
6.5 MEDIUM

Network-exploitable by any authenticated user with no special conditions; impact is availability-only resource exhaustion with no confidentiality or integrity consequence.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorVendor: GitHub_M

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Patch available
Jun 25, 2026 - 18:03 EUVD
Analysis Generated
Jun 25, 2026 - 17:21 vuln.today

DescriptionCVE.org

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added limits: { fileSize } to createMulterInstance() in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that was never updated with the same limits configuration. Combined with the application-level size check being disabled by default (the CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES env var is commented out in .env.example), an authenticated user can upload arbitrarily large files to exhaust server disk space and memory. This vulnerability is fixed in 0.8.4-rc1.

AnalysisAI

Unrestricted file upload to the POST /api/convos/import endpoint in LibreChat prior to 0.8.4-rc1 allows any authenticated user to exhaust server disk space and memory, causing a denial of service. The root cause is an incomplete remediation of CVE-2024-11171: while file size limits were added to the shared multer factory, the import endpoint's independent multer instance was never updated, and the application-level fallback guard (CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES) is commented out in .env.example by default. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid LibreChat credentials
Delivery
Craft oversized multipart file upload
Exploit
POST to /api/convos/import
Execution
Bypass absent multer file size limits
Persist
Consume server disk space and memory
Impact
Trigger denial of service for all users

Vulnerability AssessmentAI

Exploitation Exploitation requires a valid authenticated user session (confirmed by CVSS PR:L). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The provided CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H, score 6.5) is consistent with the described vulnerability. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker with a valid LibreChat account - potentially self-registered on a public instance - constructs a multipart HTTP POST request to /api/convos/import containing a payload of several gigabytes. Because the endpoint's multer instance has no fileSize limit and CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES is disabled by default, the server writes the full upload to disk and buffers it in memory. …
Remediation The primary fix is upgrading LibreChat to version 0.8.4-rc1 or later, which applies file size limits to the /api/convos/import multer instance, closing the patch gap from CVE-2024-11171. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-11170 HIGH POC
8.8 Mar 20

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of f

CVE-2024-10361 CRITICAL POC
9.1 Mar 20

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /ap

CVE-2025-69222 CRITICAL POC
9.1 Jan 07

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests

CVE-2026-22252 CRITICAL POC
9.1 Jan 12

LibreChat before v0.8.2-rc2 allows any authenticated user to execute shell commands as root inside the container through

CVE-2025-66201 HIGH POC
8.6 Nov 29

LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 8.6), this vulnerability is remotely ex

CVE-2024-11171 HIGH POC
7.5 Mar 20

In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. Rated high severity (

CVE-2025-69220 HIGH POC
7.1 Jan 07

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file

CVE-2024-11173 MEDIUM POC
6.5 Mar 20

An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, lead

CVE-2024-10366 MEDIUM POC
6.5 Mar 20

An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat

CVE-2024-41704 CRITICAL
9.8 Jul 22

LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. Rated critical severity (CVSS 9.8), th

CVE-2024-41703 CRITICAL
9.8 Jul 22

LibreChat through 0.7.4-rc1 has incorrect access control for message updates. Rated critical severity (CVSS 9.8), this v

CVE-2026-32625 CRITICAL
9.6 Jun 02

{VAR} placeholders against the host process environment, so attacker-controlled MCP URLs cause the LibreChat backend to

Share

CVE-2026-54024 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy