{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31943", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.656Z", "datePublished": "2026-03-27T19:21:50.653Z", "dateUpdated": "2026-03-31T19:10:14.342Z"}, "containers": {"cna": {"title": "LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c"}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"version": "< 0.8.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T19:21:50.653Z"}, "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources \u2014 including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue."}], "source": {"advisory": "GHSA-w5r7-4f94-vp4c", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-31T18:38:43.982569Z", "id": "CVE-2026-31943", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T19:10:14.342Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31943", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-31T18:38:43.982569Z"}}}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-31T19:08:23.278Z"}}], "cna": {"title": "LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP", "source": {"advisory": "GHSA-w5r7-4f94-vp4c", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"status": "affected", "version": "< 0.8.3"}]}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c", "name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources \u2014 including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T19:21:50.653Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31943", "state": "PUBLISHED", "dateUpdated": "2026-03-31T19:10:14.342Z", "dateReserved": "2026-03-10T15:10:10.656Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T19:21:50.653Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:*", "matchCriteriaId": "2D34833A-E49E-47F0-8C2E-0D55B6CF59BB", "versionEndExcluding": "0.8.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:librechat:librechat:0.8.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "482D0FE3-2AB3-47B6-982E-564A5B824464", "vulnerable": true}, {"criteria": "cpe:2.3:a:librechat:librechat:0.8.3:rc2:*:*:*:*:*:*", "matchCriteriaId": "451E27B8-D779-4C62-AF93-C8EF026E3B09", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources \u2014 including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue."}], "id": "CVE-2026-31943", "lastModified": "2026-03-31T20:16:27.063", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.7, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T20:16:29.897", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.8.3)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "LibreChat", "source": "cna", "vendor": "danny-avila"}, "product": "libre_chat", "vendor": "danny-avila"}], "analysis": {"en": {"generated_at": "2026-03-31T06:05:27.087851+00:00", "value": {"mitigation_remediation": ["Upgrade LibreChat to version 0.8.3 or later to apply the fix.", "Verify that SSRF protection is functioning after the update by testing requests to private IP addresses.", "If an upgrade cannot be performed immediately, restrict API input to disallow IPv4\u2011mapped IPv6 addresses or block access to internal IP ranges until the patch is applied."], "summary": {"action": "Immediate Patch", "impact": "Server\u2011Side Request Forgery via IPv4\u2011mapped IPv6"}, "threat_synthesis": {"affected_systems": "LibreChat, managed by danny\u2011avila, is affected in all releases prior to version 0.8.3, including the 0.8.3\u2011rc1 and 0.8.3\u2011rc2 builds. The issue is resolved in 0.8.3 and later versions.", "description_and_impact": "The flaw resides in the isPrivateIP function, which fails to recognize IPv4\u2011mapped IPv6 addresses written in their hex\u2011normalized form. An authenticated user can craft a request that disguises a private IPv4 address as an IPv6 literal, thereby bypassing the server\u2011side request forgery (SSRF) filter. The server will then resolve the address and send an HTTP request to target internal network resources, including cloud metadata services, loopback interfaces, and RFC1918 ranges. This allows an attacker to read internal data, obtain sensitive configuration or authentication credentials, and potentially pivot to other internal services.", "risk_and_exploitability": "The vulnerability has a CVSS score of 8.5, indicating high severity. EPSS is reported below 1%, suggesting low current exploit activity, but the flaw is not listed in the CISA KEV catalog. Attackers must be authenticated to the service; through the protected API, they can send a crafted request that makes the server reach internal IP addresses. The successful exploitation could expose confidential data and enable lateral movement within the internal network."}}}}, "created": "2026-03-27T20:27:35.357547+00:00", "updated": "2026-03-31T20:00:52.373749+00:00", "vendors": ["danny-avila", "danny-avila$PRODUCT$libre_chat"]}