CVE-2026-22252
published 2026-01-12CVE-2026-22252: LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation…
PriorityP270critical9.9CVSS 3.1
AVNACLPRLUINSCCHIHAH
EPSS
3.68%
88.3th percentile
LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| danny-avila | librechat | < v0.8.2-rc2 | v0.8.2-rc2 |
| librechat | librechat | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
Hackernews
Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
blogs_hackernews·2026-04-20·CVSS 8.0
CVE-2025-65720 [HIGH] Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Home
Threat Intelligence
Vulnerabilities
Cyber Attacks
Webinars
Expert Insights
Awards
Webinars
Awards
Free eBooks
About THN
Jobs
Advertise with us
## Anthropic MCP Design Vulnerability Enables RCE, Threatening AI Supply Chain
Cybersecurity researchers have discovered a critical "by design" weakness in the Model Context Protocol's ( MCP ) architecture that could pave the way for remote code execution and have a cascading effect on the artificial intelligence (AI) supply chain.
"This flaw enables Arbitrary Command Execution (RCE) on any system running a vulnerable MCP implementation, granting attackers direct access to sensitive user data, internal databases, API keys, and chat histories," OX Security researchers Moshe Siman Tov Bustan, Mustafa Naamnih, Nir Zadok, and Roni
Wiz
CVE-2026-22252 Impact, Exploitability, and Mitigation Steps | Wiz
blogs_wiz·CVSS 9.1
CVE-2026-22252 [CRITICAL] CVE-2026-22252 Impact, Exploitability, and Mitigation Steps | Wiz
## CVE-2026-22252 :
Chainguard vulnerability analysis and mitigation
LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.
Source : NVD
## 9.9
Score
Published January 12, 2026
Severity CRITICAL
CNA Score 9.1
Affected Technologies
Chainguard
LibreChat
Has Public Exploit Yes
Has CISA KEV Exploit No
CISA KEV Release Date N/A
CISA KEV Due Date N/A
Exploitation Probability Percentile (EPSS) 17.6
Exploitation Probability (EPSS) 0.1
Affected packages and libraries
cpe:2.3:a:librechat:librechat
librechat
Sources
Chain
2026-01-12
Published