PatchSiren

danny-avila CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

MEDIUM danny-avila CVE published 2026-06-25

CVE-2026-54040

CVE-2026-54040 is a medium-severity vulnerability in LibreChat, a ChatGPT clone, that allows an attacker to regenerate 2FA backup codes without any verification step, which can be used to bypass 2FA at login or to disable it entirely. The issue was fixed in version 0.8.4-rc1. Its CVSS score is 5.9; the practical risk is that anyone who can reach the regeneration endpoint can mint a fresh second factor for the account. Users of LibreChat should ensure they are running version 0.8.4-rc1 o [truncated]

MEDIUM danny-avila CVE published 2026-06-25

CVE-2026-54029

CVE-2026-54029 is a medium-severity vulnerability in LibreChat, an enhanced ChatGPT clone, that allows authenticated users to delete other users' messages. The DELETE /api/messages/:conversationId/:messageId endpoint does not check that the requesting user is permitted to act on the message it is asked to delete, so the route parameters alone select the target. An attacker can exploit this by providing a valid conversationId and the victim's messageId [truncated]
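The missing ownership check, shown as an added illustration that is not LibreChat's route code: a constructed in-memory message store, a handler that trusts the route parameters alone, and a hardened handler that also requires the message to belong to the authenticated caller. The request objects mimic Express (req.params and req.user set by auth middleware); makeStore, deleteMessageVulnerable and deleteMessageHardened are names assumed for this example.

```javascript
// Constructed in-memory message store keyed by messageId (example data, not LibreChat's schema).
function makeStore() {
  return new Map([
    ['m1', { conversationId: 'c1', user: 'alice', text: 'hello' }],
    ['m2', { conversationId: 'c2', user: 'bob', text: 'hi' }],
  ]);
}

// Vulnerable handler: only checks that the message exists in the named conversation.
// Any authenticated user who knows (or guesses) both ids can delete the message.
function deleteMessageVulnerable(store, req) {
  const { conversationId, messageId } = req.params;
  const msg = store.get(messageId);
  if (!msg || msg.conversationId !== conversationId) return { status: 404 };
  store.delete(messageId);
  return { status: 200 };
}

// Hardened handler: the message must also belong to the authenticated caller.
// Returning 404 rather than 403 avoids confirming that another user's message exists.
function deleteMessageHardened(store, req) {
  const { conversationId, messageId } = req.params;
  const msg = store.get(messageId);
  if (!msg || msg.conversationId !== conversationId || msg.user !== req.user.id) {
    return { status: 404 };
  }
  store.delete(messageId);
  return { status: 200 };
}
```

In a database-backed application the same check belongs in the query itself (delete where _id, conversationId and user all match) rather than in each route, so that a new endpoint cannot forget it.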

MEDIUM danny-avila CVE published 2026-06-25

CVE-2026-54025

A vulnerability in LibreChat's markdown artifact preview pipeline allows an attacker who controls rendered markdown to break out of an image's alt attribute and inject arbitrary event-handler attributes. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer returns false and rendering falls through to the default renderer. LibreChat's generateMarkdownHtml function installs a custom image renderer that returns false for URLs passing the isSafeUrl allowlist c [truncated]
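A reduced model of the fall-through behaviour described above, as an added illustration that is neither marked's nor LibreChat's source: renderImageDefault stands in for a default renderer that escapes the URL but not the alt text, imageRendererFallthrough for a custom renderer that returns false for allowed URLs, and imageRendererFixed for one that always produces its own escaped output. isSafeUrl here is a placeholder allowlist (http/https only) assumed for the example, not LibreChat's; attributeNames is a minimal single-tag parser added so the check can tell a real attribute from escaped text inside a value.

```javascript
// Escape text for safe placement inside a double-quoted HTML attribute.
function escapeAttr(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Placeholder allowlist (assumption for this example): only http(s) URLs are allowed.
function isSafeUrl(href) {
  return /^https?:\/\//i.test(href);
}

// Stand-in for a default renderer that escapes the URL but copies alt text verbatim,
// the behaviour the advisory attributes to marked v15.0.12.
function renderImageDefault(token) {
  return `<img src="${escapeAttr(token.href)}" alt="${token.text}">`;
}

// Custom renderer in the vulnerable pattern: returns false for allowed URLs,
// so rendering falls through to the default renderer above.
function imageRendererFallthrough(token) {
  return isSafeUrl(token.href) ? false : '';
}

// Fixed pattern: the custom renderer never falls through; it emits escaped output itself.
function imageRendererFixed(token) {
  return isSafeUrl(token.href)
    ? `<img src="${escapeAttr(token.href)}" alt="${escapeAttr(token.text)}">`
    : '';
}

// Dispatch mirroring the fall-through rule: a false return defers to the default renderer.
function renderImage(customRenderer, token) {
  const out = customRenderer(token);
  return out === false ? renderImageDefault(token) : out;
}

// Minimal attribute-name extractor for one tag. Quoted values are consumed whole so
// escaped text inside a value is not mistaken for a separate attribute.
function attributeNames(tag) {
  const body = tag.replace(/^<\w+/, '').replace(/\/?>$/, '');
  const re = /\s([a-zA-Z][\w-]*)(?:\s*=\s*"[^"]*")?/g;
  const names = [];
  let m;
  while ((m = re.exec(body)) !== null) names.push(m[1].toLowerCase());
  return names;
}

// True when the rendered tag carries any on* attribute, i.e. the alt text broke out.
function hasEventHandler(tag) {
  return attributeNames(tag).some((n) => n.startsWith('on'));
}
```

The fix to take away is the shape of imageRendererFixed: once a custom renderer exists for a token type, it should produce the complete, escaped element itself rather than delegating back to a library default whose escaping it does not control.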

MEDIUM danny-avila CVE published 2026-06-25

CVE-2026-54024

CVE-2026-54024 is a vulnerability in LibreChat, an enhanced ChatGPT clone, that allows authenticated users to upload arbitrarily large files. This is possible because the POST /api/convos/import endpoint uses a separate multer instance that was not updated with the same limits configuration as the fix for CVE-2024-11171. The application-level size check is also disabled by default. An attacker could explo [truncated]
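One way to keep every upload path on the same limits and to add an application-level byte-counting guard, as an added illustration that is not LibreChat's code or its fix: sharedLimits, createUpload, findUnlimitedUploads, UploadSizeGuard and fakeMulter are names assumed for this example; createUpload takes the multer factory as a parameter so the block runs without the library installed, with a constructed stand-in factory that only records its options; the 50 MiB figure is an assumed value, not LibreChat's configured limit.

```javascript
// Single source of truth for multer limits. A second multer instance built with its own
// options, as the advisory describes, is exactly the drift this is meant to prevent.
const sharedLimits = { fileSize: 50 * 1024 * 1024, files: 1 }; // assumed values

// Build every upload middleware through one factory so the limits cannot be omitted.
// multerFactory is the real `multer` in an app; a stand-in is used below so this runs offline.
function createUpload(multerFactory, options = {}) {
  if ('limits' in options) throw new Error('limits come from sharedLimits only');
  return multerFactory({ ...options, limits: { ...sharedLimits } });
}

// Audit helper: given named upload instances and the options they were built with,
// report the ones that carry no positive fileSize limit.
function findUnlimitedUploads(instances) {
  return instances
    .filter(({ options }) => !(options && options.limits && options.limits.fileSize > 0))
    .map(({ name }) => name);
}

// Application-level guard: count bytes as chunks arrive and fail before the whole body is
// buffered. Call accept() from the stream's data handler; it throws a 413-style error on overflow.
class UploadSizeGuard {
  constructor(maxBytes) {
    this.maxBytes = maxBytes;
    this.seen = 0;
  }
  accept(chunk) {
    this.seen += chunk.length;
    if (this.seen > this.maxBytes) {
      const err = new Error('Payload Too Large');
      err.status = 413;
      throw err;
    }
    return this.seen;
  }
}

// Stand-in for multer that records the options it was given (constructed for this example).
function fakeMulter(options) {
  return { options, single: () => (req, res, next) => next() };
}

// Two instances built through the factory ...
const filesUpload = createUpload(fakeMulter, { dest: '/tmp/uploads' });
const importUpload = createUpload(fakeMulter, { dest: '/tmp/imports' });
// ... and one built directly, the drift the advisory describes.
const driftedImportUpload = fakeMulter({ dest: '/tmp/imports' });

function auditExample() {
  return findUnlimitedUploads([
    { name: 'files', options: filesUpload.options },
    { name: 'import', options: importUpload.options },
    { name: 'import-drifted', options: driftedImportUpload.options },
  ]);
}
```

multer's limits.fileSize is enforced while the multipart stream is being read; UploadSizeGuard is the equivalent for any code path that consumes the request body itself, and the audit is the kind of check a test suite can run over every registered upload middleware so a new endpoint cannot quietly ship without a limit.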