LibreChat Meilisearch Chat Reading Vulnerability

Vulnerability

A vulnerability in LibreChat versions 0.0.6 through 0.7.7-rc1 allows unauthorized access to arbitrary chats stored in the Meilisearch engine. This issue arises from an exposed testing endpoint, '/api/search/test', which lacks proper access controls, enabling the reading of chats from any user.

Impact

This vulnerability allows for the unauthorized reading of chats from all users.

Reproduction

To reproduce this vulnerability, send a GET request to the '/api/search/test' endpoint with a query parameter 'q' containing a unique identifier from a chat (for example a message or conversation id). Include a valid authorization bearer token in the request; the token does not need to belong to the owner of that chat. The response contains the matching chat details, including the message text and sender information, because the endpoint never scopes its Meilisearch query to the requesting user.
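The access-control gap described above, shown as an added example that is not LibreChat's own code: a hypothetical Node.js request handler backed by an in-memory stand-in for the Meilisearch messages index. The vulnerable shape checks only that a bearer token is present and then searches the whole index, so any authenticated user can read any other user's messages by supplying an identifier; the hardened shape filters results to the authenticated user's own records (the equivalent of a Meilisearch `filter: 'user = "<id>"'` clause) and keeps the diagnostic route off the production route table. Function names, route paths other than '/api/search/test', and all records are constructed for this example.

```javascript
// Added example, not LibreChat's code. Constructed sample data standing in for
// the Meilisearch "messages" index, holding chats from two different users.
const messageIndex = [
  { messageId: 'msg-1001', conversationId: 'conv-a', user: 'user-alice', sender: 'User', text: 'my api key is in the vault' },
  { messageId: 'msg-1002', conversationId: 'conv-a', user: 'user-alice', sender: 'Assistant', text: 'ok, noted' },
  { messageId: 'msg-2001', conversationId: 'conv-b', user: 'user-bob', sender: 'User', text: 'draft the quarterly report' },
];

// Simplified stand-in for a Meilisearch search call: substring match on `text`
// plus exact match on identifiers, with an optional filter on the `user` field
// (in real Meilisearch this would be a `filter` expression on a filterable attribute).
function searchIndex(q, { userFilter } = {}) {
  const needle = q.toLowerCase();
  return messageIndex.filter((m) => {
    const matches =
      m.text.toLowerCase().includes(needle) || m.messageId === q || m.conversationId === q;
    const allowed = userFilter === undefined || m.user === userFilter;
    return matches && allowed;
  });
}

// VULNERABLE shape (hypothetical): authentication is checked, authorization is not.
// Every record matching `q` is returned regardless of which user owns it.
function vulnerableSearchTest(req) {
  if (!req.user) return { status: 401, body: { error: 'unauthorized' } };
  return { status: 200, body: searchIndex(req.query.q) };
}

// HARDENED shape (hypothetical): the query is validated and the search is scoped
// to the authenticated user, so identifiers from other users' chats return nothing.
function hardenedSearchTest(req) {
  if (!req.user) return { status: 401, body: { error: 'unauthorized' } };
  const q = typeof req.query.q === 'string' ? req.query.q.trim() : '';
  if (!q) return { status: 400, body: { error: 'missing q' } };
  return { status: 200, body: searchIndex(q, { userFilter: req.user.id }) };
}

// Test or diagnostic routes should never be reachable in production. Returns the
// route table a tiny router would register for the given NODE_ENV value.
function registerSearchRoutes(nodeEnv) {
  const routes = { 'GET /api/search': hardenedSearchTest };
  if (nodeEnv !== 'production') routes['GET /api/search/test'] = hardenedSearchTest;
  return routes;
}

// Demo: Bob, holding a valid token, queries an identifier from Alice's chat.
const bobRequest = { user: { id: 'user-bob' }, query: { q: 'msg-1001' } };
console.log('vulnerable handler leaked', vulnerableSearchTest(bobRequest).body.length, 'record(s)');
console.log('hardened handler returned', hardenedSearchTest(bobRequest).body.length, 'record(s)');
console.log('production routes:', Object.keys(registerSearchRoutes('production')));
```

The scoping must happen inside the search query itself, not by post-filtering a result page, so that the index never returns another user's records to the handler at all; and a route that exists only for testing belongs behind an environment guard rather than behind an authentication check alone.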

Remediation

Users can update to LibreChat version 0.7.7 or later, where this vulnerability has been fixed.

Added: Aug 5, 2025, 5:22 AM
Updated: Aug 5, 2025, 5:22 AM

Vulnerability Rating

Custom Algorithm
spread: 1.4
impact: 0.8
exploitability: 9.1
remediation: 7.7
relevance: 0.3
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.