PT-2026-37091 · Unknown · Langchain-Chatchat

Dem00 · Published 2026-05-05 · Updated 2026-05-05 · CVE-2026-7847

CVSS v3.1: 2.6 (Low)

Vector: AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Langchain-Chatchat versions prior to 0.3.1.4

Description

An issue exists in the Uploaded File Handler component, in the get_file_id() function of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py. Manipulation of this function can result in the generation of insufficiently random values. Successful exploitation requires access to the local network and is characterized by high complexity and difficult exploitability.

Recommendations

As a temporary workaround, consider restricting access to the get_file_id() function until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Use of Insufficiently Random Values

Weakness Enumeration

Related Identifiers

CVE-2026-7847
GHSA-JV4P-MHMP-69VW

Affected Products

Langchain-Chatchat