CVE-2026-54029 in LibreChat
Summary
by MITRE • 06/25/2026
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1.
Analysis
by VulDB Data Team • 06/25/2026
The vulnerability identified in LibreChat versions prior to 0.8.4-rc1 represents a critical access control flaw that undermines the integrity of user data within the application's messaging system. This issue manifests through the DELETE /api/messages/:conversationId/:messageId endpoint, where the authorization mechanism fails to properly validate that the requesting user has legitimate permissions to delete messages belonging to other users. The root cause lies in the implementation of the validateMessageReq middleware which incorrectly focuses validation efforts on verifying only the conversation ownership rather than ensuring proper message-level access control.
The technical flaw stems from a fundamental misalignment between the validation logic and the actual deletion operation performed by the backend handler. While the middleware correctly validates that the conversationId belongs to the authenticated user, it fails to enforce similar constraints when processing the messageId parameter. This creates a scenario where an attacker can exploit the system by crafting malicious requests that leverage their own valid conversationId alongside a target victim's message identifier. The deleteMessages function executes with minimal filtering criteria, relying solely on the messageId as its MongoDB query parameter without incorporating any user context or ownership verification.
This vulnerability presents significant operational impact for LibreChat users and administrators alike. The potential for permanent data loss represents a severe threat to user privacy and trust in the application's security model. An attacker can systematically target specific conversations or messages of other users, potentially destroying important communications or compromising sensitive information without leaving detectable traces. The irrecoverable nature of the deleted messages exacerbates the damage, as users cannot restore content that has been permanently removed from the system. This type of authorization bypass vulnerability directly violates the principle of least privilege and can be exploited to undermine the application's core data protection mechanisms.
The security implications of this flaw align with CWE-285 (Improper Authorization) and fall under the ATT&CK technique T1485 (Data Destruction), where adversaries gain unauthorized access to remove data from systems. The vulnerability also demonstrates poor input validation practices that could enable additional attack vectors if similar patterns exist elsewhere in the application's API endpoints. Organizations using affected versions of LibreChat should upgrade to version 0.8.4-rc1 or later without delay, and should consider temporarily restricting message deletion operations until the patch is deployed.
The fix implemented in version 0.8.4-rc1 addresses this vulnerability by enhancing the deleteMessages function to include the requesting user's context in its MongoDB query filter. This ensures that every message deletion requires verification not only of conversation ownership but also of message-level authorization, preventing users from deleting content they do not own. The corrected implementation aligns with established security best practices for API design and access control enforcement. Additionally, the update likely includes enhanced logging to track message deletion activity and provide audit trails that can help detect suspicious behavior patterns or exploitation attempts.
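To make the gap between the middleware check and the delete filter concrete, and to show what the fix changes, here is an added, self-contained model of the pattern described above. It is not LibreChat's code or the project's fix: the in-memory store, the request shape and the handler names are assumptions standing in for the Express route and the MongoDB collection.

```javascript
// Constructed model of the CVE-2026-54029 pattern; not LibreChat's code. A plain
// array stands in for the MongoDB messages collection and an equality filter for
// the query the handler hands to deleteMany(). Names and shapes are assumptions.
function makeStore() {
  return {
    conversations: [
      { conversationId: 'c-alice', user: 'alice' },
      { conversationId: 'c-bob', user: 'bob' },
    ],
    messages: [
      { messageId: 'm-alice-1', conversationId: 'c-alice', user: 'alice' },
      { messageId: 'm-bob-1', conversationId: 'c-bob', user: 'bob' },
    ],
  };
}

// Stand-in for deleteMany(filter): drops every document whose fields all equal
// the filter's values and reports how many were removed.
function deleteMany(collection, filter) {
  const keep = collection.filter(
    doc => !Object.keys(filter).every(key => doc[key] === filter[key]),
  );
  const deletedCount = collection.length - keep.length;
  collection.splice(0, collection.length, ...keep);
  return { deletedCount };
}

// Equivalent of the validateMessageReq check: the conversationId in the URL must
// belong to the requesting user. It says nothing about the messageId.
function conversationBelongsToUser(store, conversationId, user) {
  return store.conversations.some(
    c => c.conversationId === conversationId && c.user === user,
  );
}

// Vulnerable handler: the middleware check passes on the caller's own conversation,
// but the delete filter is { messageId } alone, so any user's message matches it.
function deleteMessageVulnerable(store, req) {
  if (!conversationBelongsToUser(store, req.conversationId, req.user)) return { status: 403 };
  return { status: 200, ...deleteMany(store.messages, { messageId: req.messageId }) };
}

// Hardened handler (the shape of the 0.8.4-rc1 fix as the analysis describes it):
// the requester's identity is part of the filter, so a messageId owned by someone
// else matches nothing and deletedCount is 0.
function deleteMessageFixed(store, req) {
  if (!conversationBelongsToUser(store, req.conversationId, req.user)) return { status: 403 };
  return { status: 200, ...deleteMany(store.messages, { messageId: req.messageId, user: req.user }) };
}
```

The useful check for a deployment is the hardened handler's return: a request whose messageId belongs to another user must report `deletedCount: 0`, and a mismatched conversationId must still be refused with 403.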
Organizations should conduct comprehensive security assessments of their LibreChat deployments to identify any potential exploitation of this vulnerability within their systems. The remediation process requires verification that all affected endpoints properly implement multi-level authorization checks, including both conversation-level and message-level access controls. System administrators should also review existing monitoring and alerting configurations to ensure they can detect unauthorized deletion attempts or unusual patterns of message removal. The vulnerability serves as a reminder of the critical importance of thorough access control validation in web applications, particularly those handling sensitive user communications and data storage operations.
This incident highlights common security pitfalls that occur when developers implement partial authorization checks without ensuring comprehensive coverage across all application functions. The gap between validation middleware and actual execution logic creates exploitable conditions that can be leveraged by attackers to bypass intended security controls. Proper security architecture requires that each function call within an application be validated against the appropriate authorization context, preventing scenarios where one authorization check inadvertently leaves other operations vulnerable to unauthorized access. The vulnerability demonstrates how seemingly minor implementation oversights in access control logic can result in significant data loss and privacy breaches.