Skip to main content

Langchain-Chatchat CVE-2026-7846

| EUVDEUVD-2026-27392 LOW
Time-of-check Time-of-use (TOCTOU) Race Condition (CWE-367)
2026-05-05 VulDB GHSA-x229-w2j4-h748
1.2
CVSS 4.0 · NVD

Severity by source

NVD PRIMARY
1.2 LOW
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Adjacent
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
May 05, 2026 - 16:32 vuln.today
CVSS changed
May 05, 2026 - 16:22 NVD
2.6 (LOW) 1.2 (LOW)

DescriptionCVE.org

A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to time-of-check time-of-use. Access to the local network is required for this attack to succeed. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

AnalysisAI

Time-of-check time-of-use (TOCTOU) vulnerability in Langchain-Chatchat up to 0.3.1.3 allows authenticated local network attackers to manipulate file.filename arguments in the OpenAI-Compatible File Upload API, leading to integrity compromise through race condition exploitation. Publicly available exploit code exists, and the vendor has not responded to early disclosure notification despite proof-of-concept documentation.

Technical ContextAI

The vulnerability exists in the OpenAI-Compatible File Upload API endpoint (libs/chatchat-server/chatchat/server/api_server/openai_routes.py) and stems from a classic TOCTOU race condition (CWE-367). The file upload handler checks the validity of file.filename at one point in time but uses that filename later without re-validating it, creating a window where an attacker on the local network can modify the filename between the check and use phases. This allows an authenticated user to bypass filename restrictions or manipulate file storage paths. The vulnerability requires local network access (AV:A) and high attack complexity (AC:H), limiting exposure to attackers within network proximity.

RemediationAI

No vendor-released patch has been identified at time of analysis. The project maintainers have not responded to early disclosure despite issue notification. Immediate remediation options are limited: (1) Upgrade to a future patched version if released by chatchat-space (monitor GitHub releases and security advisories); (2) Implement network-level access controls restricting the OpenAI-Compatible File Upload API endpoint to trusted internal networks only, using firewall rules or API gateway authentication; (3) Disable the OpenAI-Compatible File Upload API feature entirely if not required for operations, reducing attack surface; (4) Implement file operation logging and integrity monitoring (checksums, audit trails) on uploaded files to detect race condition exploitation. Organizations should also consider submitting additional reports to the chatchat-space project or seeking community-maintained forks with security patches. None of these workarounds fully eliminate the TOCTOU race condition itself; they only reduce exposure or detectability.

Share

CVE-2026-7846 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy