CVE-2026-31943
LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP
CVSS Score
8.5
EPSS Score
0.0%
EPSS Percentile
8th
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources โ including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue.
| CWE | CWE-918 |
| Vendor | danny-avila |
| Product | librechat |
| Published | Mar 27, 2026 |
| Last Updated | Mar 31, 2026 |
Stay Ahead of the Next One
Get instant alerts for danny-avila librechat
Be the first to know when new high vulnerabilities affecting danny-avila librechat are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
Low
Availability
None
Affected Versions
danny-avila / LibreChat
< 0.8.3