CVE-2026-4276 Librechat — Exploit & Vulnerability Details HIGH

CVE-2026-4276

HIGH CVSS 3.1: 7.5 EPSS 0.06%

Parameter	Value
CVSS	7.5 (HIGH)
Type	CWE-20 Improper Input Validation, CWE-117 Improper Output Neutralization for Logs
Vendor	Librechat
Public PoC	No

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

None

No privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

None

No data leak

Integrity

High

Complete data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-20 Improper Input Validation

CWE-117 Improper Output Neutralization for Logs

Vulnerable Products

librechat:rag api

References 2

https://kb.cert.org/vuls/id/624941

NVD

https://www.kb.cert.org/vuls/id/624941

af854a3a-2127-422b-91ae-364da2661108

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-31949

Librechat

6.5

CVE-2026-31944

Atlassian

7.6

CVE-2026-22252

Librechat

9.9

CVE-2025-69222

Librechat

8.1

CVE-2025-69221

Librechat

4.3

Menu

CVE-2026-4276

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products

References 2

Related Vulnerabilities

CVE-2026-31949

CVE-2026-31944

CVE-2026-22252

CVE-2025-69222

CVE-2025-69221

CVE Details

Editor's Choice

Menu

CVE-2026-4276

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

Vulnerable Products

References 2

Related Vulnerabilities

CVE-2026-31949

CVE-2026-31944

CVE-2026-22252

CVE-2025-69222

CVE-2025-69221

CVE Details

Editor's Choice

Stay informed on cybersecurity