CVE-2026-31951

Published: Mar 27, 2026 Last Modified: Mar 27, 2026
ExploitDB:
Other exploit source:
Google Dorks:
MEDIUM 6,8
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: low
User Interaction: required
Scope: changed
Confidentiality: high
Integrity: none
Availability: none

Description

AI Translation Available

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containing `{{LIBRECHAT_OPENID_ACCESS_TOKEN}}` (and others), causing victims who call tools on that server to have their OAuth tokens exfiltrated. Version 0.8.3-rc2 fixes the issue.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score
0,0003
Percentile
0,1th
Updated

EPSS Score Trend (Last 2 Days)

200

Exposure of Sensitive Information to an Unauthorized Actor

Draft
Abstraction: Class Structure: Simple
Common Consequences
Security Scopes Affected:
Confidentiality
Potential Impacts:
Read Application Data
Applicable Platforms
Technologies: Mobile, Not Technology-Specific, Web Based
Likelihood of Exploit: High
View CWE Details
https://github.com/danny-avila/LibreChat/security/advisorie…
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-pmw7-gqwj-f954