CVE-2026-31943 - Vulnerability Details

- LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources — including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue.

Published: 2026-03-27

Score: 8.5 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

The flaw resides in the isPrivateIP function, which fails to recognize IPv4‑mapped IPv6 addresses written in their hex‑normalized form. An authenticated user can craft a request that disguises a private IPv4 address as an IPv6 literal, thereby bypassing the server‑side request forgery (SSRF) filter. The server will then resolve the address and send an HTTP request to target internal network resources, including cloud metadata services, loopback interfaces, and RFC1918 ranges. This allows an attacker to read internal data, obtain sensitive configuration or authentication credentials, and potentially pivot to other internal services.

Affected Systems

LibreChat, managed by danny‑avila, is affected in all releases prior to version 0.8.3, including the 0.8.3‑rc1 and 0.8.3‑rc2 builds. The issue is resolved in 0.8.3 and later versions.

Risk and Exploitability

The vulnerability has a CVSS score of 8.5, indicating high severity. EPSS is reported below 1%, suggesting low current exploit activity, but the flaw is not listed in the CISA KEV catalog. Attackers must be authenticated to the service; through the protected API, they can send a crafted request that makes the server reach internal IP addresses. The successful exploitation could expose confidential data and enable lateral movement within the internal network.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

danny-avila

LibreChat

affected

Version	Status	Constraints
`< 0.8.3`	affected	—

Configuration 1 [-]

OR	cpe:2.3:a:librechat:librechat::::::::
	cpe:2.3:a:librechat:librechat:0.8.3:rc1::::::
	cpe:2.3:a:librechat:librechat:0.8.3:rc2::::::

No data.

Vendor Product Confidence Versions

Danny-avila

Libre Chat

98%

Version	Status	Scheme	Platform
`[0,0.8.3)`	affected	semver	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade LibreChat to version 0.8.3 or later to apply the fix.
Verify that SSRF protection is functioning after the update by testing requests to private IP addresses.
If an upgrade cannot be performed immediately, restrict API input to disallow IPv4‑mapped IPv6 addresses or block access to internal IP ranges until the patch is applied.

Generated by OpenCVE AI on March 31, 2026 at 06:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.0003.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c

History

Wed, 01 Apr 2026 02:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Tue, 31 Mar 2026 03:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Librechat Librechat librechat
CPEs		cpe:2.3:a:librechat:librechat:::::::: cpe:2.3:a:librechat:librechat:0.8.3:rc1:::::: cpe:2.3:a:librechat:librechat:0.8.3:rc2::::::
Vendors & Products		Librechat Librechat librechat

Mon, 30 Mar 2026 07:15:00 +0000

Type	Values Removed	Values Added
First Time appeared		Danny-avila Danny-avila libre Chat
Vendors & Products		Danny-avila Danny-avila libre Chat

Fri, 27 Mar 2026 19:45:00 +0000

Type	Values Removed	Values Added
Description		LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources — including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue.
Title		LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP
Weaknesses		CWE-918
References		https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c
Metrics		cvssV3_1 `{'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N'}`

Subscriptions

Danny-avila Libre Chat

Librechat Librechat

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2026-03-27T19:21:50.653Z

Updated: 2026-03-31T19:10:14.342Z

Reserved: 2026-03-10T15:10:10.656Z

Link: CVE-2026-31943

Vulnrichment

Updated: 2026-03-31T19:08:23.278Z

NVD

Status : Modified

Published: 2026-03-27T20:16:29.897

Modified: 2026-03-31T20:16:27.063

Link: CVE-2026-31943

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-31T20:00:52Z

Weaknesses

CWE-918

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact Low

Availability Impact None

User Interaction None

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object