{"dataType": "CVE_RECORD", "cveMetadata": {"cveId": "CVE-2026-33265", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "state": "PUBLISHED", "assignerShortName": "mitre", "dateReserved": "2026-03-18T11:17:44.668Z", "datePublished": "2026-03-18T11:17:45.271Z", "dateUpdated": "2026-03-18T14:04:31.080Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "product": "LibreChat", "vendor": "LibreChat", "versions": [{"status": "affected", "version": "0.8.1-rc2", "versionType": "semver"}]}], "descriptions": [{"lang": "en", "value": "In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-18T11:29:47.750Z"}, "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass"}, {"url": "https://www.openwall.com/lists/oss-security/2026/03/18/3"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-18T13:54:12.743987Z", "id": "CVE-2026-33265", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:04:31.080Z"}}]}, "dataVersion": "5.2"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2026-33265", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-18T13:54:12.743987Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-18T14:03:20.385Z"}}], "cna": {"metrics": [{"format": "CVSS", "cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.3, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "LibreChat", "product": "LibreChat", "versions": [{"status": "affected", "version": "0.8.1-rc2", "versionType": "semver"}], "defaultStatus": "unknown"}], "references": [{"url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass"}, {"url": "https://www.openwall.com/lists/oss-security/2026/03/18/3"}], "x_generator": {"engine": "CVE-Request-form 0.0.1"}, "descriptions": [{"lang": "en", "value": "In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-669", "description": "CWE-669 Incorrect Resource Transfer Between Spheres"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2026-03-18T11:29:47.750Z"}}}, "cveMetadata": {"cveId": "CVE-2026-33265", "state": "PUBLISHED", "dateUpdated": "2026-03-18T14:04:31.080Z", "dateReserved": "2026-03-18T11:17:44.668Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2026-03-18T11:17:45.271Z", "assignerShortName": "mitre"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:librechat:librechat:0.8.1:rc2:*:*:*:*:*:*", "matchCriteriaId": "EF5CED68-4B6B-4E56-A41E-92DC7E7DD94D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API."}, {"lang": "es", "value": "En LibreChat 0.8.1-rc2, un usuario autenticado obtiene un JWT tanto para la API de LibreChat como para la API de RAG."}], "id": "CVE-2026-33265", "lastModified": "2026-03-24T18:40:34.633", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.0, "impactScore": 3.7, "source": "cve@mitre.org", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "ADJACENT_NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2026-03-18T12:16:19.850", "references": [{"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory"], "url": "https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Mailing List", "Third Party Advisory"], "url": "https://www.openwall.com/lists/oss-security/2026/03/18/3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-669"}], "source": "cve@mitre.org", "type": "Primary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.8.1-rc2"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "LibreChat", "source": "cna", "vendor": "LibreChat"}, "product": "librechat", "vendor": "librechat"}], "analysis": {"en": {"generated_at": "2026-03-24T19:54:01.560370+00:00", "value": {"mitigation_remediation": ["Upgrade LibreChat to the latest stable release that includes the fixed token issuance logic", "If an update is not immediately available, revoke any existing RAG API JWTs issued by the vulnerable release and enforce stricter token generation rules", "Restrict network access to the RAG API to trusted hosts or internal segments via firewall or API gateway controls"], "summary": {"action": "Immediate Patch", "impact": "Unrestricted access to the RAG API via JWT reuse"}, "threat_synthesis": {"affected_systems": "The vulnerability targets LibreChat version 0.8.1\u2011rc2, affecting all deployments of that release on any platform. The issue resides in the token issuance endpoint for that specific release; newer stable releases that contain the fixed logic are not affected at this time.", "description_and_impact": "An authenticated LibreChat user can retrieve a JSON Web Token that authorizes them to call the RAG API, bypassing the intended separation between the LibreChat API and the RAG API. Because the token can be used to invoke any operation that the RAG API supports, an attacker might read, update, or delete RAG\u2011specific data, thereby impacting confidentiality and integrity. The flaw is classified as CWE\u2011669, an unintended cross\u2011component access control violation. Based on the description, it is inferred that the misuse of the token would allow the attacker to perform the full set of RAG API actions, which could include sensitive data exposure or alteration.", "risk_and_exploitability": "The CVSS score of 6.3 denotes medium severity, while the EPSS score of less than 1% indicates a low likelihood of exploitation currently. The attack vector requires the user to be already authenticated to the application, so it is local from an attacker\u2019s perspective (or requires compromised credentials). No public exploits are documented, as the vulnerability is not listed in CISA\u2019s KEV catalog. Nonetheless, the potential for data compromise or policy violation remains significant for organizations running the affected version."}}}}, "created": "2026-03-19T08:56:43.041264+00:00", "updated": "2026-03-25T11:52:49.800363+00:00", "vendors": ["librechat", "librechat$PRODUCT$librechat"]}