cbcvebase.
CVE-2026-31951
published 2026-03-27

CVE-2026-31951: LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include…

PriorityP433medium5.7CVSS 3.1
AVNACLPRLUIRSUCHINAN
EPSS
0.24%
15.4th percentile
LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containing `{{LIBRECHAT_OPENID_ACCESS_TOKEN}}` (and others), causing victims who call tools on that server to have their OAuth tokens exfiltrated. Version 0.8.3-rc2 fixes the issue.

Affected

3 ranges
VendorProductVersion rangeFixed in
danny-avilalibrechat
librechatlibrechat
librechatlibrechat>= 0.8.2 < 0.8.30.8.3
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.