LibreChat through 0.7.4-rc1 does not validate the normalized pathnames of images.
An attacker can provide a specially crafted path to an image file that, after normalization (e.g., using '../' sequences), goes beyond the allowed application directory. The application does not verify whether the resulting path points to a resource located in the permitted area of the file system. This allows unauthorized access to any files on the server.
An unauthenticated attacker can read, and potentially also overwrite or delete any files accessible to the application process, leading to data confidentiality breach, system integrity violation, and potential complete loss of service availability.
LibreChat should be updated to a version higher than 0.7.4-rc1, which introduced a fix for path validation (pull request #3363 in the vendor repository). It is also recommended to limit application process permissions to the minimum necessary and monitor access to the server file system.
LibreChat in versions up to and including 0.7.4-rc1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HLibrechat
APPLibrechat0.7.4≤ 0.7.3
Related vulnerabilities
LibreChat: wyciek zmiennych środowiskowych przez konfigurację MCP
LibreChat: RCE jako root przez MCP stdio transport bez walidacji poleceń
SSRF w LibreChat — brak ograniczeń funkcji Actions w domyślnej konfiguracji
LibreChat: path traversal umożliwiający usunięcie dowolnych plików
LibreChat — nieprawidłowa kontrola dostępu przy aktualizacji wiadomości