PT-2026-31026 · Librechat · Librechat

Logggg2402 · Published 2026-04-07 · Updated 2026-04-08 · CVE-2026-34371

CVSS v3.1: 6.3 (Medium)
Vector: AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions: LibreChat versions prior to 0.8.4

Description: LibreChat, a ChatGPT clone, is susceptible to arbitrary file write because filenames returned by the execute-code sandbox are insufficiently sanitized. Specifically, the name field from the sandbox response is used directly to construct the destination path for code-generated artifacts, without validation. A user who triggers the execute-code function can therefore write files to arbitrary locations on the server by embedding path traversal sequences (e.g., ../../../../../app/client/dist/poc.txt) in the filename. The write is performed with the privileges of the server process's user.

Recommendations: Update LibreChat to version 0.8.4 or later.

Exploit · Fix

Path traversal


Weakness Enumeration

Related Identifiers: CVE-2026-34371

Affected Products: Librechat