CVE-2026-33265

Name of the Vulnerable Software and Affected Versions LibreChat version 0.8.1-rc2

Description A logged-in user can obtain a JWT (JSON Web Token) for both the LibreChat API and the RAG API. This allows access to both APIs with the user's credentials. The JWT token can be abused.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.