LibreChat Denial-of-Service Vulnerability

Vulnerability

A denial-of-service vulnerability has been identified in the LibreChat repository by danny-avila, specifically in version git 600d217. The issue arises from an unhandled exception that occurs when certain API endpoints receive malformed input. This uncaught exception can cause the server to crash, leading to a full denial-of-service condition. Although a valid JSON Web Token (JWT) is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack.

Impact

Exploitation of this vulnerability causes the server to crash, leading to a full denial-of-service condition.

Remediation

Users can upgrade to LibreChat version 0.7.6 to address this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

Category        Score
spread          1.4
impact          2.5
exploitability  5.5
remediation     7.7
relevance       0.0
threat          3.2
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.