{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-34371", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-27T13:43:14.369Z", "datePublished": "2026-04-07T21:08:13.175Z", "dateUpdated": "2026-04-08T16:14:43.926Z"}, "containers": {"cna": {"title": "LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal", "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692"}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"version": "< 0.8.4", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T21:08:13.175Z"}, "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (for example, ../../../../../app/client/dist/poc.txt) is concatenated into the server-side destination path and written with fs.writeFileSync() without sanitization. This gives any user who can trigger execute_code an arbitrary file write primitive as the LibreChat server user. This vulnerability is fixed in 0.8.4."}], "source": {"advisory": "GHSA-qrm5-r67f-6692", "discovery": "UNKNOWN"}}, "adp": [{"references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-04-08T16:10:31.032341Z", "id": "CVE-2026-34371", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T16:14:43.926Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-34371", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-04-08T16:10:31.032341Z"}}}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-08T16:10:38.832Z"}}], "cna": {"title": "LibreChat Affected by Arbitrary File Write via `execute_code` Artifact Filename Traversal", "source": {"advisory": "GHSA-qrm5-r67f-6692", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"status": "affected", "version": "< 0.8.4"}]}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692", "name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (for example, ../../../../../app/client/dist/poc.txt) is concatenated into the server-side destination path and written with fs.writeFileSync() without sanitization. This gives any user who can trigger execute_code an arbitrary file write primitive as the LibreChat server user. This vulnerability is fixed in 0.8.4."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-04-07T21:08:13.175Z"}}}, "cveMetadata": {"cveId": "CVE-2026-34371", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:14:43.926Z", "dateReserved": "2026-03-27T13:43:14.369Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-04-07T21:08:13.175Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (for example, ../../../../../app/client/dist/poc.txt) is concatenated into the server-side destination path and written with fs.writeFileSync() without sanitization. This gives any user who can trigger execute_code an arbitrary file write primitive as the LibreChat server user. This vulnerability is fixed in 0.8.4."}], "id": "CVE-2026-34371", "lastModified": "2026-04-08T21:27:00.663", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-04-07T22:16:22.227", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,0.8.4)"}}], "enrichment": {"confidence": 98.0, "confidence_source": "matching", "scores": [{"score": 98.0, "source": "matching"}]}, "original": {"product": "LibreChat", "source": "cna", "vendor": "danny-avila"}, "product": "libre_chat", "vendor": "danny-avila"}], "analysis": {"en": {"generated_at": "2026-04-07T23:58:59.263763+00:00", "value": {"mitigation_remediation": ["Upgrade LibreChat to version 0.8.4 or newer."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Write"}, "threat_synthesis": {"affected_systems": "Affected installations are those running LibreChat from the author danny\u2011avila, version 0.8.3 or earlier, when the default local file strategy is enabled. The issue is resolved in version 0.8.4 and later. No other products or vendors are impacted.", "description_and_impact": "The vulnerability arises when LibreChat processes code\u2011generated artifacts, trusting the filename supplied by the execute_code sandbox. This missing sanitization allows a crafted path containing traversal sequences to be concatenated into the server\u2019s local file storage path and written without validation. The result is an arbitrary file write ability for any user who can invoke execute_code, potentially compromising server files or injecting malicious content. The weakness is identified as CWE\u201122.", "risk_and_exploitability": "The CVSS score of 6.3 indicates a moderate severity. Exploitation only requires the ability to trigger execute_code, which may be available to authenticated or even unauthenticated users depending on deployment. The attack vector is likely network\u2011based, using the execute_code endpoint to supply a malicious filename. Because the payload is simple and no public exploit exists, the likelihood of real\u2011world exploitation is moderate, though the potential impact is significant. The vulnerability is not listed in the CISA KEV catalog and EPSS score is unavailable."}}}}, "created": "2026-04-08T19:34:12.229965+00:00", "updated": "2026-04-08T19:45:38.649662+00:00", "vendors": ["danny-avila", "danny-avila$PRODUCT$libre_chat"]}