Description
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources — including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue.
Published: 2026-03-27
Score: 8.5 High
EPSS: n/a
KEV: No
Impact: Server Side Request Forgery
Action: Apply Patch
AI Analysis

Impact

LibreChat’s isPrivateIP() function incorrectly ignores IPv4-mapped IPv6 addresses in their hex‑normalized form, allowing authenticated users to manipulate the server into making outbound HTTP requests to internal addresses. This bypass enables the attacker to access internal resources such as cloud metadata services, loopback interfaces, or RFC1918 networks, potentially leaking confidential data or facilitating further attacks.

Affected Systems

The issue affects the LibreChat application from the vendor danny-avila. All releases prior to version 0.8.3 are vulnerable. Version 0.8.3 and later include a fix that properly detects IPv4‑mapped IPv6 addresses.

Risk and Exploitability

The CVSS score of 8.5 indicates a high severity vulnerability. While the EPSS score is not available and the CVE is not listed in the CISA KEV catalog, exploitation requires an authenticated user and can directly expose internal network services. The vulnerability’s impact is significant, permitting arbitrary internal requests that can lead to data disclosure, credential leakage, or further compromise of the internal network.

Generated by OpenCVE AI on March 27, 2026 at 20:22 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibreChat to version 0.8.3 or newer

Generated by OpenCVE AI on March 27, 2026 at 20:22 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
Description LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources — including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue.
Title LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP
Weaknesses CWE-918
References
Metrics cvssV3_1

{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T19:21:50.653Z

Reserved: 2026-03-10T15:10:10.656Z

Link: CVE-2026-31943

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Received

Published: 2026-03-27T20:16:29.897

Modified: 2026-03-27T20:16:29.897

Link: CVE-2026-31943

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:27:35Z

Weaknesses