Platform
nodejs
Component
librechat
Fixed in
0.8.5
CVE-2026-34371 describes an Arbitrary File Access vulnerability discovered in LibreChat, a ChatGPT clone. This flaw allows attackers to write arbitrary files to the server's filesystem if they can trigger the execute_code sandbox. The vulnerability impacts LibreChat versions 0.0.0 through 0.8.3 and has been resolved in version 0.8.4.
An attacker exploiting this vulnerability can achieve arbitrary file write access on the LibreChat server. This means they could potentially overwrite critical configuration files, inject malicious code, or even gain remote code execution depending on the permissions of the LibreChat server user. The impact is significant, as it bypasses intended security controls within the execute_code sandbox. The ability to write arbitrary files opens the door to a wide range of attacks, including data exfiltration, denial of service, and complete system compromise. The default local file strategy exacerbates the risk, as it directly concatenates user-supplied filenames into the server-side destination path without proper sanitization.
This vulnerability was publicly disclosed on 2026-04-07. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is developed. The lack of a KEV listing suggests a low to medium probability of exploitation in the near term.
Exploit Status
EPSS
0.04% (12% percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2026-34371 is to upgrade LibreChat to version 0.8.4 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing a temporary workaround by restricting the executecode sandbox's access to the filesystem. This could involve limiting the directories it can write to or implementing stricter filename validation. Additionally, review server permissions to ensure the LibreChat user has the minimum necessary privileges. Monitoring file system activity for unexpected writes can also help detect potential exploitation. After upgrading, confirm the fix by attempting to trigger the executecode sandbox with a malicious filename containing traversal sequences (e.g., ../../../../../app/client/dist/poc.txt) and verifying that the file is not written.
Update LibreChat to version 0.8.4 or later to mitigate the vulnerability. This version corrects the file name validation issue, preventing the possibility of arbitrary file writes on the server.
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-34371 is a vulnerability in LibreChat versions 0.0.0 through 0.8.3 that allows attackers to write arbitrary files to the server's filesystem via the execute_code sandbox.
You are affected if you are running LibreChat versions 0.0.0 through 0.8.3 and are using the default local file strategy for artifact persistence.
Upgrade LibreChat to version 0.8.4 or later. As a temporary workaround, restrict the execute_code sandbox's filesystem access.
There is currently no indication of active exploitation, but the vulnerability's nature suggests it could be exploited once a proof-of-concept is developed.
Refer to the LibreChat project's official release notes and security advisories for details: [https://github.com/LibreChat/LibreChat/releases](https://github.com/LibreChat/LibreChat/releases)
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.