CVE-2026-54029

MEDIUM 5.3

LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter

CVSS Score

5.3

EPSS Score

0.0%

EPSS Percentile

0th

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1.

CWE	CWE-862
Vendor	danny-avila
Product	librechat
Published	Jun 25, 2026

Stay Ahead of the Next One

Get instant alerts for danny-avila librechat

Be the first to know when new medium vulnerabilities affecting danny-avila librechat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

None

Affected Versions

danny-avila / LibreChat

< 0.8.4-rc1

References

NVD ↗ CVE.org ↗ EPSS Data ↗

github.com: https://github.com/danny-avila/LibreChat/security/advisories/GHSA-8892-xj8q-59xc