Impact
LibreChat permits authenticated users to set custom OpenAI‑compatible API base URLs. The application concatenates the supplied baseURL into HTTP requests without performing any SSRF checks such as private‑IP filtering, scheme restrictions, or DNS pinning. Consequently, an attacker can point the baseURL to internal network addresses or other non‑public endpoints, causing LibreChat to issue requests to those targets and potentially expose sensitive internal data or act as a pivot for further attacks.
Affected Systems
The affected vendor is danny‑avila, product LibreChat. Versions before 0.8.4‑rc1 are vulnerable.
Risk and Exploitability
The CVSS score of 7.7 indicates a high severity. The EPSS score is not available, and the vulnerability is not listed in CISA’s KEV catalog. An attacker needs authentication and permission to edit the baseURL configuration; from that position they can dispatch requests to any target resolved by the baseURL, including private IPs and internal services, as no checks enforce scheme or address restrictions.
OpenCVE Enrichment