Danny-Avila published

#34212 of 53,633
7.6 CVSS total
Vulnerabilities · 1
PT-2026-25366
7.6
2026-03-13
Librechat · Librechat · CVE-2026-31944
**Name of the Vulnerable Software and Affected Versions**

LibreChat versions 0.8.2 through 0.8.2-rc3

**Description**

LibreChat is a ChatGPT clone with additional features. The MCP (Model Context Protocol) OAuth callback endpoint does not verify that the browser hitting the redirect URL is logged in or that the logged-in user matches the initiator. This allows an attacker to obtain a victim’s OAuth tokens after sending them an authorization URL, leading to account takeover of the victim’s MCP-linked services, such as Atlassian and Outlook. The issue is a confused deputy problem.

**Recommendations**

Update to version 0.8.3-rc1 or later.