Vulnerability Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_resources (e.g., context, execute_code) without verifying ownership or EDIT permission on the target agent. A permission check was added to the POST /api/files route in a previous patch, but the image upload route was never updated with the same check. An attacker can simply use the image endpoint instead of the file endpoint to bypass the authorization entirely. This vulnerability is fixed in 0.8.4-rc1.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Librechat | Librechat | <= 0.8.3 |
Related Weaknesses (CWE)
References
- https://github.com/danny-avila/LibreChat/security/advisories/GHSA-c55r-p24w-hcj5ExploitVendor Advisory
- https://github.com/danny-avila/LibreChat/security/advisories/GHSA-c55r-p24w-hcj5ExploitVendor Advisory
FAQ
What is CVE-2026-54027?
CVE-2026-54027 is a vulnerability with a CVSS score of 6.5 (MEDIUM). LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any authenticated user to upload files into any agent's tool_...
How severe is CVE-2026-54027?
CVE-2026-54027 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2026-54027?
Check the references section above for vendor advisories and patch information. Affected products include: Librechat Librechat.