{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-54033", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-06-11T16:57:50.018Z", "datePublished": "2026-06-25T15:50:41.754Z", "dateUpdated": "2026-06-25T17:43:57.186Z"}, "containers": {"cna": {"title": "LibreChat: SSRF via User-Provided Custom Endpoint baseURL \u2014 no private IP validation on user-configured API base URLs", "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "lang": "en", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-gc9r-88c3-7qhq", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-gc9r-88c3-7qhq"}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"version": "< 0.8.4-rc1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-25T15:50:41.754Z"}, "descriptions": [{"lang": "en", "value": "LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation \u2014 no private IP check, no scheme restriction, no DNS pinning. An authenticated user can set baseURL to internal network addresses. This vulnerability is fixed in 0.8.4-rc1."}], "source": {"advisory": "GHSA-gc9r-88c3-7qhq", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-gc9r-88c3-7qhq", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-06-25T17:43:53.379264Z", "id": "CVE-2026-54033", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T17:43:57.186Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-54033", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-06-25T17:43:53.379264Z"}}}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-gc9r-88c3-7qhq", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-06-25T17:43:43.558Z"}}], "cna": {"title": "LibreChat: SSRF via User-Provided Custom Endpoint baseURL \u2014 no private IP validation on user-configured API base URLs", "source": {"advisory": "GHSA-gc9r-88c3-7qhq", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"status": "affected", "version": "< 0.8.4-rc1"}]}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-gc9r-88c3-7qhq", "name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-gc9r-88c3-7qhq", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-compatible API endpoints by setting a baseURL. This URL is used to construct HTTP requests without any SSRF validation \u2014 no private IP check, no scheme restriction, no DNS pinning. An authenticated user can set baseURL to internal network addresses. This vulnerability is fixed in 0.8.4-rc1."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-06-25T15:50:41.754Z"}}}, "cveMetadata": {"cveId": "CVE-2026-54033", "state": "PUBLISHED", "dateUpdated": "2026-06-25T17:43:57.186Z", "dateReserved": "2026-06-11T16:57:50.018Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-06-25T15:50:41.754Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.8.4-rc1)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "LibreChat", "source": "cna", "vendor": "danny-avila"}, "product": "libre_chat", "vendor": "danny-avila"}], "created": "2026-06-25T17:30:05.152743+00:00", "updated": "2026-06-25T21:15:05.057724+00:00", "vendors": ["danny-avila", "danny-avila$PRODUCT$libre_chat"]}