Severity by source
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
2DescriptionCVE.org
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
AnalysisAI
Insufficiently random file ID generation in Langchain-Chatchat up to version 0.3.1.3 allows authenticated local network attackers to predict uploaded file identifiers via the _get_file_id function, enabling information disclosure. The vulnerability requires local network access and authenticated privileges but carries low exploitability due to high attack complexity. A public exploit is available, though the project has not responded to early disclosure notifications.
Technical ContextAI
The vulnerability exists in the file ID generation mechanism within libs/chatchat-server/chatchat/server/api_server/openai_routes.py, specifically in the _get_file_id function. CWE-330 (Use of Insufficiently Random Values) indicates that the function does not generate cryptographically secure random identifiers for uploaded files. This allows an attacker with network access to the application to predict or enumerate valid file IDs, bypassing the intended randomness that protects file access control. The affected product is Langchain-Chatchat, an LLM-based chat application built on the Langchain framework, making file upload handling a critical security component.
RemediationAI
Upgrade Langchain-Chatchat to a version newer than 0.3.1.3 once a patched release is available. As of now, the vendor has not responded to disclosure notifications and no patched version has been confirmed released. Immediate compensating controls include: restrict file upload functionality to trusted internal networks only by implementing network-level access controls (firewall rules limiting access to the upload endpoint), require strong authentication with session management and rate limiting on file upload requests to raise attack complexity further, disable the file upload feature entirely if not essential to operations until a vendor patch is released, and implement monitoring and logging of file ID access patterns to detect enumeration attempts. Each mitigation has trade-offs: disabling uploads removes functionality entirely; network restriction limits legitimate remote users; rate limiting may impact user experience during bulk operations. Monitor the GitHub issue https://github.com/chatchat-space/Langchain-Chatchat/issues/5464 and the project repository for patch announcements.
More in Langchain Chatchat
View allMissing authentication in Langchain-Chatchat up to version 0.3.1.3 allows unauthenticated local network attackers to acc
Time-of-check time-of-use (TOCTOU) vulnerability in Langchain-Chatchat up to 0.3.1.3 allows authenticated local network
Weak hash function in the Vision Chat Paste Image Handler of Langchain-Chatchat up to 0.3.1.3 allows local network attac
Same weakness CWE-330 – Use of Insufficiently Random Values
View allSame technique Information Disclosure
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-27408
GHSA-jv4p-mhmp-69vw