CVE-2026-4276 PUBLISHED

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

Assigner: certcc
Reserved: 16.03.2026 Published: 16.03.2026 Updated: 16.03.2026

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

Product Status

Vendor LibreChat
Product RAG API
Versions
  • Version 0.7.0 is affected

References

Problem Types

  • CWE-20 Improper Input Validation
  • CWE-117 Improper Output Neutralization for Logs