Skip to main content

LibreChat EUVDEUVD-2026-39456

| CVE-2026-54040 HIGH
Missing Authentication for Critical Function (CWE-306)
2026-06-25 GitHub_M
7.1
CVSS 3.1 · NVD
Share

Severity by source

Vendor (GitHub_M) PRIMARY
MEDIUM
qualitative
NVD
7.1 HIGH
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
vuln.today AI
7.1 HIGH

Network endpoint with no UI and low complexity, but a valid session is required (PR:L); regenerating backup codes is a high integrity hit (I:H) with minor confidentiality exposure (C:L) and no availability impact.

3.1 AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
4.0 AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (GitHub_M).

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:H/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
Low
Integrity
High
Availability
None

Lifecycle Timeline

7
Analysis Updated
Jun 29, 2026 - 16:13 vuln.today
v3 (cvss_changed)
Analysis Updated
Jun 29, 2026 - 16:13 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Jun 29, 2026 - 16:07 vuln.today
cvss_changed
Severity Changed
Jun 29, 2026 - 16:07 NVD
MEDIUM HIGH
CVSS changed
Jun 29, 2026 - 16:07 NVD
5.9 (MEDIUM) 7.1 (HIGH)
Patch available
Jun 25, 2026 - 18:03 EUVD
Analysis Generated
Jun 25, 2026 - 17:16 vuln.today

DescriptionNVD

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim's backup codes and use them to bypass 2FA login or disable 2FA entirely. This vulnerability is fixed in 0.8.4-rc1.

AnalysisAI

Authentication-bypass weakness in LibreChat before 0.8.4-rc1 lets an attacker who already holds a valid session silently regenerate all of a victim's two-factor backup codes via POST /api/auth/2fa/backup/regenerate, which never asks for a current TOTP token or an existing backup code. With fresh codes in hand, the attacker can bypass 2FA at login or turn 2FA off entirely, neutralizing the account's second factor. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Obtain valid victim session token
Delivery
Call /api/auth/2fa/backup/regenerate
Exploit
Server issues new backup codes without TOTP check
Execution
Use codes to bypass or disable 2FA
Impact
Persistent account takeover

Vulnerability AssessmentAI

Exploitation Requires the attacker to already hold a valid authenticated session token for the target LibreChat account (PR:L) and an account that has 2FA enabled with backup codes available; the specific exploited feature is the POST /api/auth/2fa/backup/regenerate endpoint, which omits any TOTP-or-existing-backup-code re-verification. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment Signals are internally consistent and point to a real but bounded risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker steals or hijacks a logged-in user's LibreChat session token (e.g., via XSS, a leaked cookie, or a shared/compromised device) and sends a single POST to /api/auth/2fa/backup/regenerate. The server returns a brand-new set of backup codes without prompting for the victim's TOTP, letting the attacker log in past 2FA or disable 2FA outright; a proof-of-concept for this behavior is acknowledged in the SSVC data.
Remediation Vendor-released patch: 0.8.4-rc1 - upgrade LibreChat to 0.8.4-rc1 or later as the primary fix, per advisory GHSA-h59w-x9h4-m6gv (https://github.com/danny-avila/LibreChat/security/advisories/GHSA-h59w-x9h4-m6gv). … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Identify all LibreChat instances and their current versions; assess scope based on number of active users. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2024-11170 HIGH POC
8.8 Mar 20

A vulnerability in danny-avila/librechat version git 81f2936 allows for path traversal due to improper sanitization of f

CVE-2024-10361 CRITICAL POC
9.1 Mar 20

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /ap

CVE-2025-69222 CRITICAL POC
9.1 Jan 07

LibreChat 0.8.1-rc2 has SSRF in the Actions feature that allows authenticated users to make the server perform requests

CVE-2026-22252 CRITICAL POC
9.1 Jan 12

LibreChat before v0.8.2-rc2 allows any authenticated user to execute shell commands as root inside the container through

CVE-2025-66201 HIGH POC
8.6 Nov 29

LibreChat is a ChatGPT clone with additional features. Rated high severity (CVSS 8.6), this vulnerability is remotely ex

CVE-2024-11171 HIGH POC
7.5 Mar 20

In danny-avila/librechat version git 0c2a583, there is an improper input validation vulnerability. Rated high severity (

CVE-2025-69220 HIGH POC
7.1 Jan 07

LibreChat is a ChatGPT clone with additional features. Version 0.8.1-rc2 does not enforce proper access control for file

CVE-2024-11173 MEDIUM POC
6.5 Mar 20

An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, lead

CVE-2024-10366 MEDIUM POC
6.5 Mar 20

An improper access control vulnerability (IDOR) exists in the delete attachments functionality of danny-avila/librechat

CVE-2024-41704 CRITICAL
9.8 Jul 22

LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images. Rated critical severity (CVSS 9.8), th

CVE-2024-41703 CRITICAL
9.8 Jul 22

LibreChat through 0.7.4-rc1 has incorrect access control for message updates. Rated critical severity (CVSS 9.8), this v

CVE-2026-32625 CRITICAL
9.6 Jun 02

{VAR} placeholders against the host process environment, so attacker-controlled MCP URLs cause the LibreChat backend to

Share

EUVD-2026-39456 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy