PT-2026-25367 · Librechat · Librechat

Danny-Avila · Published 2026-03-13 · Updated 2026-03-13 · CVE-2026-31949

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions
LibreChat versions prior to 0.8.3-rc1

Description
A denial of service issue exists in the DELETE /api/convos endpoint of LibreChat. An authenticated attacker can cause the Node.js server process to crash by submitting specially crafted requests. The issue occurs because the server attempts to destructure req.body.arg without first verifying its existence, leading to an unhandled TypeError that terminates the process. The affected component is the DELETE /api/convos route handler, and the unvalidated input is req.body.arg.

Recommendations
Update to version 0.8.3-rc1 or later.
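
The failure mode in the description, as an added example that is not LibreChat's code: a handler that destructures req.body.arg unchecked, next to a version that validates it and answers 400. The field name conversationId, the function names and the sample requests are assumptions made for illustration.

```javascript
// Vulnerable pattern described in the advisory: destructure req.body.arg
// without checking that it exists. `conversationId` is a hypothetical field.
function deleteConvosUnsafe(req) {
  const { conversationId } = req.body.arg; // TypeError if arg is undefined or null
  return { status: 200, body: { deleted: conversationId } };
}

// Hardened form: validate the shape first and answer 400 instead of throwing.
function deleteConvosSafe(req) {
  const body = req.body;
  const arg = body !== null && typeof body === 'object' ? body.arg : undefined;
  if (arg === null || typeof arg !== 'object' || Array.isArray(arg)) {
    return { status: 400, body: { error: 'arg is required and must be an object' } };
  }
  const { conversationId } = arg;
  if (typeof conversationId !== 'string' || conversationId.length === 0) {
    return { status: 400, body: { error: 'arg.conversationId must be a non-empty string' } };
  }
  return { status: 200, body: { deleted: conversationId } };
}

// Defence in depth: turn any handler exception into a 500 response
// so a single malformed request cannot terminate the process.
function guarded(handler) {
  return (req) => {
    try {
      return handler(req);
    } catch {
      return { status: 500, body: { error: 'internal error' } };
    }
  };
}

// Constructed sample requests (not captured traffic).
const samples = [
  { body: { arg: { conversationId: 'abc-123' } } }, // well-formed
  { body: {} },                                     // arg missing
  { body: { arg: null } },                          // arg null
  { body: undefined },                              // no parsed body at all
];

function runSamples() {
  return samples.map((req) => ({
    safe: deleteConvosSafe(req).status,
    guardedUnsafe: guarded(deleteConvosUnsafe)(req).status,
  }));
}

console.log(runSamples());
```

A useful regression test for the fixed version is the same set of malformed bodies sent to DELETE /api/convos, asserting a 4xx response and a still-running process.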

Exploit · Fix · DoS

Weakness Enumeration

Related identifiers

BDU:2026-07912
CVE-2026-31949
GHSA-5M32-CHQ6-232P

Affected products

Librechat