Skip to main content

Langchain-Chatchat CVE-2026-7844

| EUVDEUVD-2026-27388 LOW
Missing Authentication for Critical Function (CWE-306)
2026-05-05 VulDB GHSA-xvqj-p4jj-r7xh
2.1
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
2.1 LOW
CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
X

Lifecycle Timeline

3
Analysis Generated
May 05, 2026 - 16:32 vuln.today
Severity Changed
May 05, 2026 - 16:22 NVD
MEDIUM LOW
CVSS changed
May 05, 2026 - 16:22 NVD
6.3 (MEDIUM) 2.1 (LOW)

DescriptionCVE.org

A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File Service. The manipulation results in missing authentication. The attacker must have access to the local network to execute the attack. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Missing authentication in Langchain-Chatchat up to version 0.3.1.3 allows unauthenticated local network attackers to access and manipulate files through the Compatible File Service endpoints (files/list_files, retrieve_file, retrieve_file_content, delete_file) in openai_routes.py without credentials. The vulnerability has a publicly available proof-of-concept exploit and affects confidentiality, integrity, and availability of stored files, though impact is limited to low severity per CVSS scoring; however, the lack of authentication on file operations represents a significant security control failure.

Technical ContextAI

Langchain-Chatchat is a RAG (Retrieval-Augmented Generation) framework built on LLM chains that includes an OpenAI-compatible API server. The vulnerable component is the Compatible File Service in openai_routes.py, which exposes file management endpoints (list_files, retrieve_file, retrieve_file_content, delete_file) without implementing authentication middleware or access control validation. The root cause (CWE-306: Missing Authentication for Critical Function) indicates that the application fails to verify user identity before processing file operations that should be restricted. This suggests either absent authentication decorators/middleware on these route handlers or incomplete implementation of credential validation mechanisms that should guard these API endpoints.

RemediationAI

Immediate remediation requires implementing authentication validation on all file service endpoints (files/list_files, retrieve_file, retrieve_file_content, delete_file) in openai_routes.py. Apply authentication middleware or decorators to verify user credentials (API keys, OAuth tokens, or session identifiers) before processing any file operations. Upgrade to a patched version once released by the chatchat-space project; monitor the GitHub repository (https://github.com/chatchat-space/Langchain-Chatchat) and official advisory channels for patch availability. Until a vendor patch is available, implement compensating controls: (1) restrict network access to the Langchain-Chatchat API server to trusted internal networks only using firewall rules or network segmentation (e.g., VLANs), blocking external and untrusted internal access; (2) disable file service endpoints entirely if not required for your use case by removing or commenting out the route handlers; (3) implement a reverse proxy (nginx, Apache) in front of the service with authentication enforcement before requests reach the application, though this adds operational complexity. Each mitigation has trade-offs: network restriction reduces flexibility but is most effective if deployment supports it; disabling features removes functionality; proxy-based auth adds latency and architectural complexity. None of these are permanent solutions - vendor patch deployment must be prioritized.

Share

CVE-2026-7844 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy