CVE-2026-54027

MEDIUM 6.5

LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1.

CWE	CWE-862
Vendor	danny-avila
Product	librechat
Published	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for danny-avila librechat

Be the first to know when new medium vulnerabilities affecting danny-avila librechat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

danny-avila / LibreChat

< 0.8.4-rc1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-c55r-p24w-hcj5