CVE-2026-54033
HighCVSS 7.7Exploitation Probability (EPSS)
Low risk10th percentile — higher than 10% of all known CVEs
Summary
LibreChat before version 0.8.4-rc1 allows authenticated users to set a custom URL for OpenAI-compatible API endpoints. This URL is used to construct HTTP requests without any SSRF validation, enabling traffic to be directed to internal network addresses.
Risk Assessment
An attacker can exploit this vulnerability to scan the organization's internal network, access internal services, or perform Server-Side Request Forgery (SSRF) attacks, potentially leading to data leakage or system integrity compromise.
Recommendation
Immediately upgrade LibreChat to version 0.8.4-rc1 or later, which includes a fix for this vulnerability.
Original NVD description (English source)
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation — no private IP check, no scheme restriction, no DNS pinning. An authenticated user can set baseURL to internal network addresses. This vulnerability is fixed in 0.8.4-rc1.

