Impact
LibreChat up to version 0.8.3 allows authenticated users to inject environment variable references into MCP server URLs during Zod schema validation, enabling the server to transmit critical secrets such as CREDS_KEY, CREDS_IV, JWT_SECRET, and MONGO_URI to an attacker‑controlled domain. This results in full compromise of cryptographic materials and database credentials without requiring administrative privileges.
Affected Systems
The vulnerability affects the LibreChat platform provided by danny-avila. Users running version 0.8.3 or earlier are impacted; the fix is in 0.8.4-rc1.
Risk and Exploitability
The CVSS score is 9.6 indicating high severity. The EPSS score is 3%, indicating a modest probability of exploitation, and the vulnerability is not listed in KEV. Attackers can exploit the flaw by configuring a malicious MCP server URL that references environment variables, causing the LibreChat server to make outbound HTTP requests to a controlled domain and capture credential data. No privilege escalation is required; any authenticated user can create such a configuration.
OpenCVE Enrichment