Chatchat-Space Langchain-Chatchat vulnerabilities
7 known vulnerabilities affecting chatchat-space/langchain-chatchat.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 1, MEDIUM 2, LOW 3
Vulnerabilities
CVE-2025-6853 | P2 | CRITICAL | CVSS 9.8 | CWE-22 | ≤ 0.3.1, v0.3.0 +1 more | 2025-06-29
A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to initiate the attack remotely. The exploit has been di
ghsa, nvd, osv
CVE-2025-6855 | P3 | HIGH | CVSS 8.8 | CWE-22 | ≤ 0.3.1, v0.3.0 +1 more | 2025-06-29
A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may be used.
ghsa, nvd, osv
CVE-2026-7844 | P3 | MEDIUM | CVSS 6.3 | CWE-287 | v0.3.1.0, v0.3.1.1 +2 more | 2026-05-05
A vulnerability was detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File Service. The manipulation results in missing authenticatio
nvd
CVE-2025-6854 | P4 | MEDIUM | CVSS 4.3 | CWE-22 | ≤ 0.3.1, v0.3.0 +1 more | 2025-06-29
A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
ghsa, nvd, osv
CVE-2026-7846 | P4 | LOW | CVSS 2.6 | CWE-362 | v0.3.1.0, v0.3.1.1 +2 more | 2026-05-05
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to time-of-check time-of-use. Access to the local network i
ghsa, nvd
CVE-2026-7847 | P4 | LOW | CVSS 2.6 | CWE-310 | v0.3.1.0, v0.3.1.1 +2 more | 2026-05-05
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for
ghsa, nvd
CVE-2026-7845 | P4 | LOW | CVSS 2.6 | CWE-327 | v0.3.1.0, v0.3.1.1 +2 more | 2026-05-05
A flaw has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. This issue affects the function PIL.Image.tobytes of the file libs/chatchat-server/chatchat/webui_pages/dialogue/dialogue.py of the component Vision Chat Paste Image Handler. This manipulation of the argument paste_image.image_data causes use of weak hash. The attacker needs to be
ghsa, nvd