Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread operator after setting the authenticated user's ID, any authenticated user can inject a userId parameter in the request body to overwrite any other user's API keys (e.g., OpenAI, Anthropic, Azure). This allows an attacker to replace a victim's API key configuration, potentially routing the victim's conversations through attacker-controlled keys or denying service by providing invalid keys. This is patched in version 0.8.3-rc1.
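The spread-order bug the description refers to is easy to reproduce in isolation. The following is an added illustration, not LibreChat's own code: a hypothetical helper that builds the key-update document for a PUT /api/keys handler, first in the vulnerable shape (trusted userId set, then the request body spread over it), then in two hardened shapes, plus a small detection check a defender can run over incoming requests. All function names, field names and sample values are constructed for this example.

```javascript
// Added example, not LibreChat code. Shows why spreading the request body
// after the trusted userId lets a client overwrite it, and how to harden it.

// Vulnerable pattern (as described in the advisory): the authenticated user's
// id is set first, then the client body is spread over it, so a body that
// carries "userId" silently replaces the trusted value.
function buildKeyUpdateVulnerable(authUserId, body) {
  return { userId: authUserId, ...body };
}

// Hardened form 1: spread first, assign the trusted id last. Whatever the
// client sends, userId is always the session user.
function buildKeyUpdateFixed(authUserId, body) {
  return { ...body, userId: authUserId };
}

// Hardened form 2 (preferred): copy only an allowlist of client-settable
// fields and reject any body that tries to set identity fields at all.
// Field names here are hypothetical.
const ALLOWED_FIELDS = ['name', 'value', 'expiresAt'];

function buildKeyUpdateAllowlisted(authUserId, body) {
  if (Object.prototype.hasOwnProperty.call(body, 'userId')) {
    throw new Error('userId is not a client-settable field');
  }
  const update = { userId: authUserId };
  for (const field of ALLOWED_FIELDS) {
    if (Object.prototype.hasOwnProperty.call(body, field)) {
      update[field] = body[field];
    }
  }
  return update;
}

// Detection helper: true when a key-write request names a userId that is not
// the session user. Useful as a log/alert condition on unpatched deployments.
function isCrossUserKeyWrite(authUserId, body) {
  return (
    Object.prototype.hasOwnProperty.call(body, 'userId') &&
    body.userId !== authUserId
  );
}

// Constructed sample: the session belongs to "u-alice" but the body names
// "u-bob". The secret value is a placeholder, not a real key.
const sessionUser = 'u-alice';
const sampleBody = { name: 'openAI', value: 'sk-CONSTRUCTED', userId: 'u-bob' };

console.log('vulnerable ->', buildKeyUpdateVulnerable(sessionUser, sampleBody).userId); // u-bob
console.log('fixed      ->', buildKeyUpdateFixed(sessionUser, sampleBody).userId);      // u-alice
console.log('flagged    ->', isCrossUserKeyWrite(sessionUser, sampleBody));             // true
```

Whichever hardened form is used, the persistence layer should also scope the write by the session user (for example, filtering the update query on the authenticated id) rather than trusting any identity field in the document being saved; the allowlist form additionally stops unrelated fields from being mass-assigned.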
Published: 2026-06-02
Score: 7.1 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is an Insecure Direct Object Reference that allows any authenticated user to overwrite another user’s API keys via the PUT /api/keys endpoint. It is enabled by the JavaScript object spread operator that overwrites the authenticated user’s identifier, allowing injection of a userId in the request body. The attacker can replace a victim’s keys for OpenAI, Anthropic, Azure, or similar services, redirecting conversations or causing denial of service. The weakness is classified as CWE‑862. The impact is loss of confidentiality and integrity of third‑party API usage and disruption of service for the victim user.

Affected Systems

The affected product is LibreChat from the vendor danny‑avila, in all releases up to and including version 0.7.6. The vulnerability is patched in version 0.8.3‑rc1. Versions beyond 0.8.3‑rc1 are not affected.

Risk and Exploitability

The CVSS score of 7.1 indicates medium‑to‑high severity. The EPSS score is not available, and the vulnerability is not yet listed in CISA KEV. Exploitation of the IDOR is limited to authenticated users, who can supply any userId in the request body. A successful exploit allows overwriting of another user’s API keys, potentially steering conversations to attacker‑controlled services or causing denial of service. The upstream advisory also indicates that the attack does not require elevated privileges beyond a valid user account. The attack vector is a direct API call, so network penetration is not required.

Generated by OpenCVE AI on June 3, 2026 at 03:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibreChat to version 0.8.3‑rc1 or later, which removes the IDOR by validating the userId against the authenticated session.
  • If an upgrade cannot be performed immediately, restrict the /api/keys endpoint so that the userId in the request body must match the authenticated user’s identifier, or disable external key updates for users.
  • Monitor server logs and usage metrics for unexpected API key changes and investigate any unauthorized modifications.

Generated by OpenCVE AI on June 3, 2026 at 03:54 UTC.

Advisories

No advisories yet.

History

Wed, 03 Jun 2026 14:30:00 +0000

Type | Values Removed | Values Added
Metrics | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 03 Jun 2026 04:00:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Danny-avila; Danny-avila libre Chat
Vendors & Products | | Danny-avila; Danny-avila libre Chat

Wed, 03 Jun 2026 02:30:00 +0000

Type | Values Removed | Values Added
Description | | LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread operator after setting the authenticated user's ID, any authenticated user can inject a userId parameter in the request body to overwrite any other user's API keys (e.g., OpenAI, Anthropic, Azure). This allows an attacker to replace a victim's API key configuration, potentially routing the victim's conversations through attacker-controlled keys or denying service by providing invalid keys. This is patched in version 0.8.3-rc1.
Title | | LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys
Weaknesses | | CWE-862
References | |
Metrics | | cvssV3_1 {'score': 7.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L'}


Subscriptions

Danny-avila Libre Chat
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-03T13:12:43.716Z

Reserved: 2026-03-10T15:10:10.656Z

Link: CVE-2026-31942

Vulnrichment

Updated: 2026-06-03T13:12:38.006Z

NVD

Status: Received

Published: 2026-06-02T23:16:35.687

Modified: 2026-06-02T23:16:35.687

Link: CVE-2026-31942

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-03T04:00:13Z

Weaknesses