CVE-2026-7847 in Langchain-Chatchatinformação

Sumário

de MITRE • 05/05/2026

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Responsável

VulDB

Divulgação

05/05/2026

Moderação

aceite

Entrada

VDB-361126

CPE

pronto

CWE

CWE-330 (confirmado)

Exploração

Descarregar

CVSS

2.6 (VulDB)

EPSS

0.00040

KEV

não

Atividades

muito baixo

Sector

Hostingprovider, Telecommunication, ...

Fontes

MITRE	https://www.cve.org/CVERecord?id=CVE-2026-7847
NVD	https://nvd.nist.gov/vuln/detail/CVE-2026-7847
CVE Details	https://www.cvedetails.com/cve/CVE-2026-7847/

◂ Voltar Visão Geral Próximo ▸

Want to stay up to date on a daily basis?

Enable the mail alert feature now!