{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-31950", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2026-03-10T15:10:10.657Z", "datePublished": "2026-03-27T19:25:25.007Z", "dateUpdated": "2026-03-27T19:55:24.141Z"}, "containers": {"cna": {"title": "LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g"}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"version": ">= 0.8.2-rc2, < 0.8.2", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T19:26:28.894Z"}, "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user's real-time chat content, including messages, AI responses, and tool invocations. Version 0.8.2 patches the issue."}], "source": {"advisory": "GHSA-f6rf-vm44-wh5g", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-27T19:55:17.212435Z", "id": "CVE-2026-31950", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:55:24.141Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-31950", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-27T19:55:17.212435Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-27T19:55:21.101Z"}}], "cna": {"title": "LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats", "source": {"advisory": "GHSA-f6rf-vm44-wh5g", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "danny-avila", "product": "LibreChat", "versions": [{"status": "affected", "version": ">= 0.8.2-rc2, < 0.8.2"}]}], "references": [{"url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g", "name": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g", "tags": ["x_refsource_CONFIRM"]}], "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user's real-time chat content, including messages, AI responses, and tool invocations. Version 0.8.2 patches the issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-284", "description": "CWE-284: Improper Access Control"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2026-03-27T19:26:28.894Z"}}}, "cveMetadata": {"cveId": "CVE-2026-31950", "state": "PUBLISHED", "dateUpdated": "2026-03-27T19:55:24.141Z", "dateReserved": "2026-03-10T15:10:10.657Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2026-03-27T19:25:25.007Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user's real-time chat content, including messages, AI responses, and tool invocations. Version 0.8.2 patches the issue."}], "id": "CVE-2026-31950", "lastModified": "2026-03-27T20:16:30.217", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2026-03-27T20:16:30.217", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f6rf-vm44-wh5g"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-27T20:21:34.429839+00:00", "value": {"mitigation_remediation": ["Upgrade to LibreChat 0.8.2 or newer to apply the stream ownership check patch."], "summary": {"action": "Upgrade Immediately", "impact": "Unauthorized access to confidential chat data via IDOR"}, "threat_synthesis": {"affected_systems": "LibreChat released by danny-avila is affected in versions 0.8.2\u2011rc2 through 0.8.2\u2011rc3, which lack stream ownership validation. Version 0.8.2 includes the fix.", "description_and_impact": "A flaw in the SSE streaming endpoint permits an authenticated user who has or can guess a valid stream identifier to subscribe without ownership checks, exposing another user's real-time chat content, including messages, AI output, and tool calls. This results in confidentiality compromise and corresponds to a CWE\u2011284 vulnerability. The attack requires only valid authentication credentials and a stream ID, no additional privileges.", "risk_and_exploitability": "The CVSS score is 5.3, indicating moderate severity. No EPSS data is available, and the issue is not listed in the CISA KEV catalog. The likely attack vector involves an attacker with legitimate credentials who obtains or guesses a stream ID, enabling them to read another user\u2019s private conversations. No public exploits are known, but the vulnerability can be exercised in any environment where the impacted LibreChat instance is exposed. Prompt remediation is advised to prevent potential data leakage."}}}}, "created": "2026-03-27T20:27:33.307141+00:00", "updated": "2026-03-27T20:27:33.307173+00:00", "vendors": []}