Aliceqwas

**Name of the Vulnerable Software and Affected Versions** LibreChat versions prior to 0.8.4 **Description** A cross-agent integrity violation exists where a shared-agent editor can delete file records globally. By using the "DELETE /api/files" endpoint, an editor can remove files that the owner has reused across multiple agents. This action deletes the file entirely rather than just from the shared agent, causing the owner's private agents to break silently because they retain a stale `file id` reference that no longer resolves. **Recommendations** Update to version 0.8.4.