PT-2026-45878 · Librechat · Librechat

Ylchen-007 · Published 2026-06-02 · Updated 2026-06-08 · CVE-2026-32625

CVSS v3.1: 9.6 Critical

Vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: LibreChat versions prior to 0.8.4-rc1

Description: LibreChat is an enhanced ChatGPT clone supporting multiple AI providers. The Model Context Protocol (MCP) server integration improperly resolves ${VAR} placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. An authenticated user can create a malicious MCP server configuration whose URL points to an attacker-controlled domain and contains environment variable references. This causes the LibreChat server to connect to the attacker's server and transmit critical secrets in the request URL, such as CREDS_KEY, CREDS_IV, JWT_SECRET, and MONGO_URI. The flaw allows full compromise of the installation's cryptographic material and database credentials without requiring administrative privileges. Over 14,800 results were identified via FOFA queries in the past year.

Recommendations: Upgrade to version 0.8.4-rc1 or later.
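The root cause described above is a trust-boundary mistake: a placeholder resolver written for operator-authored configuration is applied to strings an ordinary user controls. As an added illustration (this is not LibreChat's own code, and the function names, the `source` parameter and the allowlist are hypothetical), the following JavaScript contrasts a resolver that substitutes `${VAR}` from the environment into any string with a hardened path that resolves placeholders only in operator-supplied config, against an explicit allowlist, and rejects them outright in user-supplied MCP server URLs. The environment object is constructed for the example and nothing reads the real process.env.

```javascript
// Added example, not LibreChat code. Shows the vulnerable pattern beside a
// hardened one for resolving ${VAR} placeholders in MCP server URLs.

// Matches ${NAME}; the group captures the variable name.
const PLACEHOLDER_RE = /\$\{([A-Za-z_][A-Za-z0-9_]*)\}/g;
// Non-global variant for a stateless "does it contain a placeholder" check.
const HAS_PLACEHOLDER_RE = /\$\{[A-Za-z_][A-Za-z0-9_]*\}/;

// Vulnerable pattern: every ${VAR} is replaced from the environment, no matter
// who supplied the string. A user-controlled URL therefore becomes a channel
// for any secret the process holds.
function resolvePlaceholdersUnsafe(value, env) {
  return value.replace(PLACEHOLDER_RE, (match, name) =>
    Object.prototype.hasOwnProperty.call(env, name) ? env[name] : match
  );
}

// Hardened resolver for operator-authored config only: a placeholder may name
// only an allowlisted variable, and that variable must be set.
function resolveTrustedConfigValue(value, env, allowedVars) {
  return value.replace(PLACEHOLDER_RE, (match, name) => {
    if (!allowedVars.includes(name)) {
      throw new Error(`placeholder ${name} is not in the allowlist`);
    }
    if (!Object.prototype.hasOwnProperty.call(env, name)) {
      throw new Error(`allowlisted variable ${name} is not set`);
    }
    return env[name];
  });
}

// Validation for a URL supplied by an authenticated (non-admin) user:
// placeholders are rejected before any parsing, and only http(s) is accepted.
function validateUserMcpServerUrl(raw) {
  if (HAS_PLACEHOLDER_RE.test(raw)) {
    return { ok: false, reason: 'placeholder' };
  }
  let url;
  try {
    url = new URL(raw);
  } catch {
    return { ok: false, reason: 'invalid-url' };
  }
  if (url.protocol !== 'http:' && url.protocol !== 'https:') {
    return { ok: false, reason: 'scheme' };
  }
  return { ok: true, url: url.href };
}

// Single entry point that routes on the trust level of the config source
// (hypothetical 'operator' vs 'user' distinction).
function loadMcpServerUrl(rawUrl, source, env, allowedVars) {
  if (source === 'user') {
    const result = validateUserMcpServerUrl(rawUrl);
    if (!result.ok) {
      throw new Error(`rejected user-supplied MCP URL: ${result.reason}`);
    }
    return result.url;
  }
  if (source === 'operator') {
    return resolveTrustedConfigValue(rawUrl, env, allowedVars);
  }
  throw new Error(`unknown config source: ${source}`);
}

// Constructed environment for the demo (no real secrets).
const demoEnv = { CREDS_KEY: 'constructed-secret', MCP_HOST: 'mcp.internal.example' };
const userUrl = 'https://example.invalid/?k=${CREDS_KEY}';

console.log('unsafe:', resolvePlaceholdersUnsafe(userUrl, demoEnv)); // secret leaks into the URL
console.log('user check:', validateUserMcpServerUrl(userUrl)); // { ok: false, reason: 'placeholder' }
console.log('operator:', loadMcpServerUrl('https://${MCP_HOST}/sse', 'operator', demoEnv, ['MCP_HOST']));
```

The check runs on the raw string before URL parsing so that encoding tricks in the parsed form do not matter, and the allowlist means an operator typo such as `${CREDS_KEY}` in a config file fails loudly instead of silently embedding a secret.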

Exploit

Fix

Information Disclosure


Weakness Enumeration

Related Identifiers

CVE-2026-32625

Affected Products

Librechat