Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen session) even when 2FA is already fully enabled on the account. This endpoint overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false — all without requiring any TOTP or backup code verification. An attacker with a valid session token can completely take over a victim's 2FA, locking the legitimate user out of their own two-factor authentication. This vulnerability is fixed in 0.8.4-rc1.
Published: 2026-06-25
Score: 5.3 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LibreChat permits an authenticated user, or an attacker who has stolen a session token, to call the /api/auth/2fa/enable endpoint even when two-factor authentication (2FA) is already active. The request overwrites the user's TOTP secret, generates new backup codes, and disables 2FA without requiring the current TOTP code or a backup code, effectively giving the attacker full control over the victim's 2FA configuration and locking out the legitimate user.

Affected Systems

The vulnerability affects all LibreChat releases produced by danny-avila that precede version 0.8.4-rc1. Any installation on these versions exposes user accounts to the possibility of 2FA takeover.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and EPSS data is not available; the issue is not listed in CISA’s KEV catalog. However, the attack requires only a valid authenticated session, so an attacker who has compromised or stolen a session cookie can invoke the vulnerable endpoint and deactivate 2FA altogether. Because 2FA is a critical authentication layer, the practical impact on account security is high, and the vulnerability is fully remedied by installing the updated release that disables the insecure behavior.

Generated by OpenCVE AI on June 25, 2026 at 16:28 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LibreChat to version 0.8.4-rc1 or later, which removes the unsafe endpoint.
  • Invalidate all existing user sessions to limit the impact of any stolen or compromised session tokens.
  • Monitor API usage for anomalous /api/auth/2fa/enable calls and enforce stricter session validation to detect and block unauthorized attempts.


Tracking


Advisories

No advisories yet.

History

Thu, 25 Jun 2026 16:30:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 25 Jun 2026 15:45:00 +0000

Type: Description
Values Removed: (none)
Values Added: LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the GET /api/auth/2fa/enable endpoint can be called by an authenticated user (or attacker with a stolen session) even when 2FA is already fully enabled on the account. This endpoint overwrites the existing TOTP secret, generates new backup codes, and sets twoFactorEnabled to false — all without requiring any TOTP or backup code verification. An attacker with a valid session token can completely take over a victim's 2FA, locking the legitimate user out of their own two-factor authentication. This vulnerability is fixed in 0.8.4-rc1.

Type: Title
Values Removed: (none)
Values Added: LibreChat: 2FA Re-enrollment Allows Full Account 2FA Takeover Without OTP Verification

Type: Weaknesses
Values Removed: (none)
Values Added: CWE-306

Type: References
Values Removed: (none)
Values Added: (none shown)

Type: Metrics
Values Removed: (none)
Values Added: cvssV3_1 {'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N'}


Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-06-25T16:01:59.612Z

Reserved: 2026-06-11T16:57:50.019Z

Link: CVE-2026-54036

Vulnrichment

Updated: 2026-06-25T16:01:39.077Z

NVD

No data.

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-25T16:30:15Z

Weaknesses
  • CWE-306: Missing Authentication for Critical Function