CVE-2026-31949 in LibreChatinfo

Zusammenfassung

von MITRE • 13.03.2026

LibreChat is a ChatGPT clone with additional features. Prior to 0.8.3-rc1, a Denial of Service (DoS) vulnerability exists in the DELETE /api/convos endpoint that allows an authenticated attacker to crash the Node.js server process by sending malformed requests. The DELETE /api/convos route handler attempts to destructure req.body.arg without validating that it exists. The server crashes due to an unhandled TypeError that bypasses Express error handling middleware and triggers process.exit(1). This vulnerability is fixed in 0.8.3-rc1.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Zuständig

GitHub M

Reservieren

10.03.2026

Veröffentlichung

13.03.2026

Moderieren

akzeptiert

Eintrag

VDB-351038

CPE

bereit

CWE

CWE-248 (bestätigt)

CVSS

6.5 (CNA)

EPSS

0.00066

KEV

nein

Aktivitäten

very low

Sektor

Police, Pharma, ...

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-31949
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-31949
CVE Details	https://www.cvedetails.com/cve/CVE-2026-31949/

◂ Zurück Übersicht Weiter ▸

Do you want to use VulDB in your project?

Use the official API to access entries easily!