CVE-2026-7847

LOW 2.6

chatchat-space Langchain-Chatchat Uploaded File openai_routes.py _get_file_id random values

CVSS Score

2.6

EPSS Score

0.0%

EPSS Percentile

0th

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CWE	CWE-330 CWE-310
Vendor	chatchat-space
Product	langchain-chatchat
Published	May 5, 2026

Stay Ahead of the Next One

Get instant alerts for chatchat-space langchain-chatchat

Be the first to know when new low vulnerabilities affecting chatchat-space langchain-chatchat are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N/E:P/RL:X/RC:R

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

chatchat-space / Langchain-Chatchat

0.3.1.0 0.3.1.1 0.3.1.2 0.3.1.3

References

NVD ↗ CVE.org ↗ EPSS Data ↗

vuldb.com: https://vuldb.com/vuln/361126 vuldb.com: https://vuldb.com/vuln/361126/cti vuldb.com: https://vuldb.com/submit/807796 github.com: https://github.com/chatchat-space/Langchain-Chatchat/issues/5464 github.com: https://github.com/3em0/cve_repo/blob/main/Langchain-Chatchat/Vuln-3-Predictable-File-ID.md github.com: https://github.com/chatchat-space/Langchain-Chatchat/

Credits

🔍 Dem00 (VulDB User) VulDB CNA Team