Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId endpoint allows any authenticated user to delete any other user's messages. The validateMessageReq middleware only validates that the conversationId belongs to the requesting user, but the handler calls deleteMessages({ messageId }) using only the messageId as the MongoDB filter — without adding a user constraint. An attacker provides their own valid conversationId (to pass validation) and the victim's messageId (to target deletion), resulting in permanent, irrecoverable message deletion. This vulnerability is fixed in 0.8.4-rc1.
Published: 2026-06-25
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability exists in the DELETE /api/messages/:conversationId/:messageId endpoint of LibreChat, where any authenticated user can delete a message belonging to another user. The validateMessageReq middleware checks only that the conversationId in the path belongs to the requester; the handler then calls deleteMessages with a MongoDB filter containing the messageId alone, so the messageId is never tied to that conversation or to the requesting user. An attacker who knows a victim's messageId supplies it together with one of their own conversationIds, passes the ownership check, and the victim's message is deleted. Deletion is permanent, so the impact is loss of integrity and data (the CVSS vector rates integrity High and confidentiality None); nothing is disclosed to the attacker. The root cause is missing authorization on the message object (CWE-862).

Affected Systems

This issue affects all LibreChat installations prior to version 0.8.4-rc1. The endpoint is reachable by every authenticated user, so on a shared deployment any user's messages can be deleted by any other user. No configuration option changes this: the missing user filter is in the handler itself, not in a setting. Updating to 0.8.4-rc1 or later, or applying the vendor's patch, resolves the problem.

Risk and Exploitability

The CVSS 3.1 base score of 5.3 (Medium) reflects network reachability with low privileges (PR:L) and no user interaction, high attack complexity (AC:H, because the attacker must first learn the victim's messageId), and a high integrity impact with no confidentiality or availability impact. No EPSS score has been published yet, so the exploitation probability has not been estimated. The CVE is not in CISA's KEV catalog, which means no exploitation in the wild has been confirmed, not that exploitation is difficult. The attacker does not need the victim's credentials: any account on the instance suffices, and once a target messageId is known, exploitation is a single HTTP DELETE request.

Generated by OpenCVE AI on June 25, 2026 at 17:23 UTC.

Remediation

The vendor description states that the issue is fixed in 0.8.4-rc1; no separate workaround has been published.

OpenCVE Recommended Actions

  • Upgrade LibreChat to version 0.8.4-rc1 or later, which scopes the deleteMessages() filter to the requesting user.
  • If an upgrade is not immediately possible, patch the handler so that the deletion filter includes the authenticated user's id (and the validated conversationId) alongside the messageId, rather than the messageId alone.
  • Review application access logs for DELETE /api/messages/:conversationId/:messageId requests where the messageId does not belong to the conversationId in the path, or where the deleted message's owner differs from the requesting user, and treat matches as potential abuse. Deleted messages cannot be recovered from the application, so restore from database backups where available.
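The filter mismatch described in the Impact section and the user-scoped filter recommended above, as an added example that is not LibreChat's own code: an in-memory stand-in for the messages collection, the middleware behaviour as the description states it, the vulnerable handler, and a hardened one, run against the cross-user request from the description. The names validateMessageReq and deleteMessages come from the description; the Collection stand-in, the field names user/conversationId/messageId, the sample documents and the helper functions seed, crossUserDeleteRequest and runScenario are assumptions made for this illustration.

```javascript
// Added example (not LibreChat's code): minimal in-memory model of the
// DELETE /api/messages/:conversationId/:messageId flow.
// Assumed names: Collection, seed, crossUserDeleteRequest, runScenario,
// and the field names user/conversationId/messageId.

// Tiny stand-in for a MongoDB collection: deleteMany removes every document
// whose fields all equal the filter's fields (plain equality match only).
class Collection {
  constructor(docs) { this.docs = docs.map((d) => ({ ...d })); }
  matches(doc, filter) {
    return Object.keys(filter).every((k) => doc[k] === filter[k]);
  }
  deleteMany(filter) {
    const before = this.docs.length;
    this.docs = this.docs.filter((doc) => !this.matches(doc, filter));
    return { deletedCount: before - this.docs.length };
  }
  findOne(filter) {
    return this.docs.find((doc) => this.matches(doc, filter)) || null;
  }
}

// Constructed sample data: two users, each owning one conversation with one message.
function seed() {
  return {
    conversations: new Collection([
      { conversationId: 'conv-attacker', user: 'attacker' },
      { conversationId: 'conv-victim', user: 'victim' },
    ]),
    messages: new Collection([
      { messageId: 'msg-attacker', conversationId: 'conv-attacker', user: 'attacker' },
      { messageId: 'msg-victim', conversationId: 'conv-victim', user: 'victim' },
    ]),
  };
}

// Mirrors the middleware as described: only the conversation's ownership is
// checked; the messageId path parameter is never tied to that conversation.
function validateMessageReq(db, req) {
  const owned = db.conversations.findOne({
    conversationId: req.params.conversationId,
    user: req.user.id,
  });
  return owned !== null;
}

// Vulnerable handler: the filter is the messageId alone, so the message with
// that id is deleted regardless of which conversation or user owns it.
function deleteMessageVulnerable(db, req) {
  if (!validateMessageReq(db, req)) return { status: 403, deletedCount: 0 };
  const { deletedCount } = db.messages.deleteMany({ messageId: req.params.messageId });
  return { status: 200, deletedCount };
}

// Hardened handler: the same deleteMany, but the filter also carries the
// requesting user's id and the validated conversationId, so a foreign
// messageId matches nothing. 404 rather than 403 on no match avoids
// confirming to the caller that a guessed messageId exists.
function deleteMessageFixed(db, req) {
  if (!validateMessageReq(db, req)) return { status: 403, deletedCount: 0 };
  const { deletedCount } = db.messages.deleteMany({
    messageId: req.params.messageId,
    conversationId: req.params.conversationId,
    user: req.user.id,
  });
  return { status: deletedCount > 0 ? 200 : 404, deletedCount };
}

// The attack from the description: the attacker's own conversationId (passes
// the middleware) combined with the victim's messageId.
function crossUserDeleteRequest() {
  return {
    user: { id: 'attacker' },
    params: { conversationId: 'conv-attacker', messageId: 'msg-victim' },
  };
}

// Runs one handler against a fresh store and reports the outcome.
function runScenario(handler) {
  const db = seed();
  const res = handler(db, crossUserDeleteRequest());
  return {
    status: res.status,
    deletedCount: res.deletedCount,
    victimMessageSurvives: db.messages.findOne({ messageId: 'msg-victim' }) !== null,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('vulnerable:', runScenario(deleteMessageVulnerable)); // victim's message is gone
  console.log('fixed:     ', runScenario(deleteMessageFixed));      // nothing deleted, 404
}
```

The point of the hardened filter is that authorization is enforced inside the query itself rather than by a separate check that can drift out of sync with the handler; with the user id and conversationId in the filter, a caller who passes the middleware with their own conversation still cannot reach another user's document.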

Generated by OpenCVE AI on June 25, 2026 at 17:23 UTC.

Advisories

No advisories yet.

History

Thu, 25 Jun 2026 16:45:00 +0000

Values added (initial record; nothing removed):

  • Title: LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter
  • Description: as shown in the Description section at the top of this page
  • Weaknesses: CWE-862
  • References: none recorded
  • Metrics: CVSS v3.1 base score 5.3, vector CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T15:51:23.822Z

Reserved: 2026-06-11T16:57:50.018Z

Link: CVE-2026-54029

Vulnrichment

No data.

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T17:30:05Z

Weaknesses