PT-2026-25367 · Librechat · Librechat
Danny-Avila · Published 2026-03-13 · Updated 2026-03-13
CVE-2026-31949
CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions
LibreChat versions prior to 0.8.3-rc1
Description
A denial of service issue exists in the DELETE /api/convos endpoint of LibreChat. An authenticated attacker can crash the Node.js server process by submitting specially crafted requests. The route handler destructures req.body.arg without first verifying that it exists, which raises an unhandled TypeError that terminates the process. The affected component is the DELETE /api/convos route handler, and the vulnerable input is req.body.arg.
Recommendations
Update to version 0.8.3-rc1 or later.
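The failure mode described above, next to a hardened handler, as an added example that is not LibreChat's code. The handler names, the `conversationId` field, the mock response object and the `safeAsync` wrapper are assumptions made for illustration, as is writing the handlers as `async` functions.

```javascript
// Minimal stand-in for an Express response object (constructed for this example).
function mockRes() {
  return {
    statusCode: 200,
    status(code) { this.statusCode = code; return this; },
    json(payload) { this.body = payload; return this; },
  };
}

// Advisory pattern: req.body.arg is destructured unchecked; undefined arg throws TypeError.
async function deleteConvosUnchecked(req, res) {
  const { conversationId } = req.body.arg; // conversationId: assumed field name
  return res.status(200).json({ deleted: conversationId });
}

// Hardened form: validate the shape first and answer 400 instead of throwing.
async function deleteConvosChecked(req, res) {
  const arg = req.body?.arg;
  if (arg === null || typeof arg !== 'object' || Array.isArray(arg)) {
    return res.status(400).json({ error: 'arg object is required' });
  }
  const { conversationId } = arg;
  if (typeof conversationId !== 'string' || conversationId.length === 0) {
    return res.status(400).json({ error: 'conversationId is required' });
  }
  return res.status(200).json({ deleted: conversationId });
}

// Defence in depth: turn any async handler rejection into a 500, never an unhandled one.
function safeAsync(handler) {
  return async (req, res) => {
    try {
      return await handler(req, res);
    } catch (err) {
      return res.status(500).json({ error: 'internal error' });
    }
  };
}

// Run a handler against a constructed request body and report the outcome.
async function probe(handler, body) {
  const res = mockRes();
  try {
    await handler({ body }, res);
    return { status: res.statusCode, threw: null };
  } catch (err) {
    return { status: null, threw: err.name };
  }
}
```

`probe` lets a regression test assert that a body without `arg` yields a 400 from the validated handler rather than a thrown TypeError.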
Affected Products
Librechat