LibreChat through 0.7.4-rc1 has incorrect access control for message updates.
The access control mechanism responsible for verifying permissions during message updates is implemented incorrectly. An attacker can send message modification requests without having appropriate permissions, because the application does not properly verify the identity or permissions of the requester. The attack vector is network-based, requires no authentication or user interaction, making the exploit exceptionally easy to perform.
An attacker can gain unauthorized access to message content without authentication, modify or delete it, leading to violations of confidentiality, integrity, and availability of data stored in the system.
Apply patches available from the vendor according to the references — the fix was introduced as part of pull request #3363 in the LibreChat GitHub repository
LibreChat in all versions up to and including 0.7.4-rc1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLibrechat
APPLibrechat0.7.4≤ 0.7.3
Related vulnerabilities
LibreChat: wyciek zmiennych środowiskowych przez konfigurację MCP
LibreChat: RCE jako root przez MCP stdio transport bez walidacji poleceń
SSRF w LibreChat — brak ograniczeń funkcji Actions w domyślnej konfiguracji
LibreChat: path traversal umożliwiający usunięcie dowolnych plików
Path Traversal w LibreChat — brak walidacji ścieżek obrazów