Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1.
Published: 2026-06-25
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw is in the DELETE /api/messages/:conversationId/:messageId endpoint of the open‑source LibreChat chat application. The validateMessageReq middleware verifies only that the supplied conversationId belongs to the authenticated user, but does not check ownership of the individual message. The code then calls deleteMessages({ messageId }) using solely the messageId as a MongoDB filter, eliminating any user constraint. As a result, an attacker who authenticates and supplies a valid conversationId together with a victim’s messageId can permanently delete that message from another user’s conversation. This unauthorized deletion can occur with any authenticated request, and the data removed is irrecoverable. It is a missing authorization condition flaw (CWE‑862).

Affected Systems

This issue affects all installations of LibreChat prior to version 0.8.4‑rc1. The exposed endpoint is available to authenticated users of the open‑source application, making all users potential targets. The configuration defaults to allowing any authenticated request to reach the deleteMessages route without further permission checks. Updating to 0.8.4‑rc1 or applying the vendor’s patch resolves the problem.

Risk and Exploitability

The CVSS score of 5.3 classifies the flaw as medium severity, but the absence of an EPSS score makes the exploitation probability unclear. It is not listed in CISA’s KEV catalog, so no active exploits are publicly known. If an attacker gains access to a user’s credentials, the lack of authorization in the deleteMessages route enables direct exploitation via a standard HTTP request.

Generated by OpenCVE AI on June 25, 2026 at 17:54 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibreChat to version 0.8.4‑rc1 or later, which enforces a user filter in deleteMessages().
  • If an upgrade is not immediately possible, modify the deleteMessages handler to verify that the messageId belongs to the authenticated user before performing the deletion.
  • Monitor authentication logs for delete requests and review any unauthorized deletions for investigation.

Generated by OpenCVE AI on June 25, 2026 at 17:54 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Fri, 26 Jun 2026 19:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 22:15:00 +0000

Type Values Removed Values Added
First Time appeared Danny-avila
Danny-avila libre Chat
Vendors & Products Danny-avila
Danny-avila libre Chat

Thu, 25 Jun 2026 16:45:00 +0000

Type Values Removed Values Added
Description LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1.
Title LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter
Weaknesses CWE-862
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Subscriptions

Danny-avila Libre Chat
cve-icon MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-26T18:43:04.154Z

Reserved: 2026-06-11T16:57:50.018Z

Link: CVE-2026-54029

cve-icon Vulnrichment

Updated: 2026-06-26T17:50:51.275Z

cve-icon NVD

No data.

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-06-25T22:00:12Z

Weaknesses