CVE-2026-54033
LibreChat: SSRF via User-Provided Custom Endpoint baseURL โ no private IP validation on user-configured API base URLs
CVSS Score
7.7
EPSS Score
0.0%
EPSS Percentile
0th
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation โ no private IP check, no scheme restriction, no DNS pinning. An authenticated user can set baseURL to internal network addresses. This vulnerability is fixed in 0.8.4-rc1.
| CWE | CWE-918 |
| Vendor | danny-avila |
| Product | librechat |
| Published | Jun 25, 2026 |
| Last Updated | Jun 25, 2026 |
Stay Ahead of the Next One
Get instant alerts for danny-avila librechat
Be the first to know when new high vulnerabilities affecting danny-avila librechat are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
CVSS v3 Breakdown
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
None
Availability
None
Affected Versions
danny-avila / LibreChat
< 0.8.4-rc1