Impact
LibreChat versions 0.8.2-rc2 through 0.8.2 contain a Server-Side Request Forgery weakness (SSRF, CWE-918): a URL supplied through agent actions or MCP is resolved and fetched by the server without checking whether it points at a private or internal address. An attacker can therefore make LibreChat reach internal endpoints such as a private RAG API or a cloud instance metadata service, exposing sensitive data or enabling further attacks against the hosting environment. The CVSS base score of 7.7 reflects that data can be obtained without authentication and that both confidentiality and integrity are affected.
Affected Systems
The affected product is LibreChat, published by the vendor 'danny-avila'. Affected versions are 0.8.2-rc2 through 0.8.2 inclusive. Version 0.8.3-rc1 contains the fix, which restores DNS validation of the target hostname and blocks requests to private IP addresses. No other product or vendor information is provided.
Risk and Exploitability
The attack vector is remote: an attacker submits a crafted URL to LibreChat through its chat interface or API and the server fetches it. Because the service does not filter private IP addresses, the attacker can reach internal resources and obtain sensitive data or credentials (a cloud metadata endpoint, for example, typically serves instance role credentials). The CVSS score of 7.7 indicates high severity, and the absence of an EPSS score for this vulnerability does not diminish its potential impact. The vulnerability is not listed in CISA's KEV catalog, so there is no confirmed in-the-wild exploitation; KEV tracks observed exploitation rather than ease of exploitation, however, and SSRF of this kind needs only the ability to submit a URL, so monitoring and rapid mitigation are prudent.
OpenCVE Enrichment