LibreChat Path Traversal Vulnerability in danny-avila/librechat Allowing Arbitrary File Write and Potential Remote Code Execution

Vulnerability

A path traversal vulnerability has been identified in LibreChat, specifically in the danny-avila/librechat repository, version git 81f2936. The vulnerability arises from improper sanitization of file paths in the file-upload handling built on the multer middleware, which allows arbitrary files to be written. The issue could potentially be exploited to achieve remote code execution. The vulnerability has been addressed in version 0.7.6.

Impact

Exploitation of this vulnerability could lead to arbitrary file writing, with the potential for remote code execution.

Reproduction

The vulnerability can be reproduced by uploading a file through a route that uses multer for file handling without proper filename sanitization. Directory traversal sequences included in the supplied file name are not correctly sanitized by multer, so the uploaded file is written outside of the intended directory.

Remediation

Users are advised to update to LibreChat version 0.7.6 or later, where this vulnerability has been fixed.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

  Category        Score
  spread           1.4
  impact          10.0
  exploitability   5.6
  remediation      7.7
  relevance        0.0
  threat           4.9
  urgency          2.9
  incentive        1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.