PT-2026-25366 · Librechat · Librechat

Danny-Avila · Published 2026-03-13 · Updated 2026-03-18 · CVE-2026-31944

CVSS v3.1: 7.6 (High)
Vector: AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:L/A:N
Affected software and versions: LibreChat versions 0.8.2 through 0.8.2-rc3
Description: LibreChat is a ChatGPT clone with additional features. Its MCP (Model Context Protocol) OAuth callback endpoint does not verify that the browser arriving at the redirect URL carries an authenticated LibreChat session, nor that the authenticated user is the one who initiated the OAuth flow. An attacker can therefore start an MCP OAuth flow from their own account, send the resulting authorization URL to a victim, and, once the victim consents at the provider, end up with the victim's OAuth tokens bound to the attacker's flow rather than to the victim's account. This yields account takeover of the victim's MCP-linked services, such as Atlassian and Outlook. The issue is a confused deputy problem: the server acts on the victim's authorization grant on behalf of whoever started the flow.
Recommendations: Update to version 0.8.3-rc1 or later.

Weakness Enumeration

Missing Authentication

Related identifiers

BDU:2026-07911
CVE-2026-31944
GHSA-VF7J-7MRX-HP7G

Affected products

Librechat