Vulnerabilities

CVE-2026-33265

by Fred · 18/03/2026

In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.

More information : https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass

Similar

Tags: Cybersecurity Alert