Vulnerability Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls through to the default renderer. LibreChat's generateMarkdownHtml function (in client/src/utils/markdown.ts) installs a custom image renderer that returns false for URLs passing the isSafeUrl allowlist check, which causes marked to fall back to its built-in renderer. That built-in renderer inserts the raw alt text into the alt="..." attribute without escaping double-quote characters. An attacker can craft an alt text such as " onload="payload to break out of the attribute and inject an arbitrary event handler. The resulting HTML is then assigned to document.getElementById('content').innerHTML inside the Sandpack preview iframe, causing the payload to execute in the victim's browser. This vulnerability is fixed in 0.8.4-rc1.
CVSS Score
MEDIUM
Related Weaknesses (CWE)
References
- https://github.com/danny-avila/LibreChat/security/advisories/GHSA-3phr-62qf-cxf3
- https://github.com/danny-avila/LibreChat/security/advisories/GHSA-3phr-62qf-cxf3
FAQ
What is CVE-2026-54025?
CVE-2026-54025 is a vulnerability with a CVSS score of 5.4 (MEDIUM). LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 ...
How severe is CVE-2026-54025?
CVE-2026-54025 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-54025?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.