LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (for example, ../../../../../app/client/dist/poc.txt) is concatenated into the server-side destination path and written with fs.writeFileSync() without sanitization. This gives any user who can trigger execute_code an arbitrary file write primitive as the LibreChat server user. This vulnerability is fixed in 0.8.4.
References
| Link | Resource |
|---|---|
| https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692 | Exploit Vendor Advisory |
| https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692 | Exploit Vendor Advisory |
Configurations
History
14 Apr 2026, 19:24
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Librechat
Librechat librechat |
|
| CPE | cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:* | |
| References | () https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692 - Exploit, Vendor Advisory |
08 Apr 2026, 17:21
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/danny-avila/LibreChat/security/advisories/GHSA-qrm5-r67f-6692 - |
07 Apr 2026, 22:16
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2026-04-07 22:16
Updated : 2026-04-14 19:24
NVD link : CVE-2026-34371
Mitre link : CVE-2026-34371
CVE.ORG link : CVE-2026-34371
JSON object : View
Products Affected
librechat
- librechat
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')