Platform
nodejs
Component
librechat
Fixed version
0.8.5
CVE-2026-34371 describes an Arbitrary File Access vulnerability discovered in LibreChat, a ChatGPT clone. This flaw allows attackers to write arbitrary files to the server's filesystem if they can trigger the execute_code sandbox. The vulnerability impacts LibreChat versions 0.0.0 through 0.8.3 and has been resolved in version 0.8.4.
An attacker exploiting this vulnerability can achieve arbitrary file write access on the LibreChat server. This means they could potentially overwrite critical configuration files, inject malicious code, or even gain remote code execution depending on the permissions of the LibreChat server user. The impact is significant, as it bypasses intended security controls within the execute_code sandbox. The ability to write arbitrary files opens the door to a wide range of attacks, including data exfiltration, denial of service, and complete system compromise. The default local file strategy exacerbates the risk, as it directly concatenates user-supplied filenames into the server-side destination path without proper sanitization.
This vulnerability was publicly disclosed on 2026-04-07. There is currently no indication of active exploitation or a KEV listing. Public proof-of-concept code is not yet available, but the vulnerability's nature suggests it could be relatively easy to exploit once a PoC is developed. The lack of a KEV listing suggests a low to medium probability of exploitation in the near term.
Organizations deploying LibreChat with the default local file strategy are particularly at risk. Shared hosting environments where multiple users share the same server and have access to the execute_code sandbox are also vulnerable. Legacy LibreChat installations running older versions (prior to 0.8.4) are exposed to this risk.
• nodejs / server: find /var/lib/librechat -name 'poc.txt' 2>/dev/null
• nodejs / server: ps aux | grep -i librechat | grep -i 'execute_code'
• generic web: Review access logs for requests to endpoints related to code execution, looking for unusual filenames or patterns indicative of traversal attempts.
disclosure
Exploitation status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2026-34371 is to upgrade LibreChat to version 0.8.4 or later, which includes the necessary fix. If upgrading is not immediately feasible, consider implementing a temporary workaround by restricting the execute_code sandbox's access to the filesystem. This could involve limiting the directories it can write to or implementing stricter filename validation. Additionally, review server permissions to ensure the LibreChat user has the minimum necessary privileges. Monitoring file system activity for unexpected writes can also help detect potential exploitation. After upgrading, confirm the fix by attempting to trigger the execute_code sandbox with a malicious filename containing traversal sequences (e.g., ../../../../../app/client/dist/poc.txt) and verifying that the file is not written.
Upgrade LibreChat to version 0.8.4 or later to mitigate the vulnerability. This version fixes the filename validation issue, preventing arbitrary file writes on the server.
CVE-2026-34371 is a vulnerability in LibreChat versions 0.0.0 through 0.8.3 that allows attackers to write arbitrary files to the server's filesystem via the execute_code sandbox.
You are affected if you are running LibreChat versions 0.0.0 through 0.8.3 and are using the default local file strategy for artifact persistence.
Upgrade LibreChat to version 0.8.4 or later. As a temporary workaround, restrict the execute_code sandbox's filesystem access.
There is currently no indication of active exploitation, but the vulnerability's nature suggests it could be exploited once a proof-of-concept is developed.
Refer to the LibreChat project's official release notes and security advisories for details: [https://github.com/LibreChat/LibreChat/releases](https://github.com/LibreChat/LibreChat/releases)