Description
LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user's real-time chat content, including messages, AI responses, and tool invocations. Version 0.8.2 patches the issue.
Published: 2026-03-27
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: Unauthorized access to confidential chat data via IDOR
Action: Upgrade Immediately
AI Analysis

Impact

A flaw in the SSE streaming endpoint permits an authenticated user who has or can guess a valid stream identifier to subscribe without ownership checks, exposing another user's real-time chat content, including messages, AI output, and tool calls. This results in confidentiality compromise and corresponds to a CWE‑284 vulnerability. The attack requires only valid authentication credentials and a stream ID, no additional privileges.

Affected Systems

LibreChat released by danny-avila is affected in versions 0.8.2‑rc2 through 0.8.2‑rc3, which lack stream ownership validation. Version 0.8.2 includes the fix.

Risk and Exploitability

The CVSS score is 5.3, indicating moderate severity. No EPSS data is available, and the issue is not listed in the CISA KEV catalog. The likely attack vector involves an attacker with legitimate credentials who obtains or guesses a stream ID, enabling them to read another user’s private conversations. No public exploits are known, but the vulnerability can be exercised in any environment where the impacted LibreChat instance is exposed. Prompt remediation is advised to prevent potential data leakage.

Generated by OpenCVE AI on March 27, 2026 at 20:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to LibreChat 0.8.2 or newer to apply the stream ownership check patch.

Generated by OpenCVE AI on March 27, 2026 at 20:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 27 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Fri, 27 Mar 2026 19:45:00 +0000

Type Values Removed Values Added
Description LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc2 through 0.8.2-rc3, the SSE streaming endpoint `/api/agents/chat/stream/:streamId` does not verify that the requesting user owns the stream. Any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user's real-time chat content, including messages, AI responses, and tool invocations. Version 0.8.2 patches the issue.
Title LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats
Weaknesses CWE-284
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-03-27T19:55:24.141Z

Reserved: 2026-03-10T15:10:10.657Z

Link: CVE-2026-31950

cve-icon Vulnrichment

Updated: 2026-03-27T19:55:21.101Z

cve-icon NVD

Status : Received

Published: 2026-03-27T20:16:30.217

Modified: 2026-03-27T20:16:30.217

Link: CVE-2026-31950

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-27T20:27:33Z

Weaknesses