CVE-2026-31951

Name of the Vulnerable Software and Affected Versions LibreChat versions 0.8.2-rc1 through 0.8.3-rc1

Description LibreChat, a ChatGPT clone, has an issue where user-created Model Context Protocol (MCP) servers can include arbitrary HTTP headers. These headers are subject to credential placeholder substitution. An attacker can create a malicious MCP server with headers containing {{LIBRECHAT OPENID ACCESS TOKEN}} and other placeholders. When victims call tools on this server, their OAuth tokens can be exfiltrated. The API endpoint is susceptible through the use of malicious MCP servers. The vulnerable parameter is the HTTP header content within the MCP server configuration.

Recommendations Update to version 0.8.3-rc2 or later.