Skip to main content
CVE Vulnerability Database
Vulnerability Database/CVE-2026-31942

CVE-2026-31942: LibreChat Auth Bypass Vulnerability

CVE-2026-31942 is an authentication bypass flaw in LibreChat allowing attackers to overwrite other users' API keys through an IDOR weakness. This article covers technical details, affected versions, and mitigation steps.

Published:

CVE-2026-31942 Overview

CVE-2026-31942 is an Insecure Direct Object Reference (IDOR) vulnerability in LibreChat, an open-source ChatGPT clone supporting multiple AI providers. The flaw affects the API keys management endpoint PUT /api/keys in versions up to and including 0.7.6. Any authenticated user can inject a userId parameter into the request body to overwrite another user's stored API keys for providers such as OpenAI, Anthropic, or Azure. The issue maps to CWE-862: Missing Authorization and is patched in version 0.8.3-rc1.

Critical Impact

An authenticated attacker can replace any victim user's provider API keys, routing their conversations through attacker-controlled credentials or denying service with invalid keys.

Affected Products

  • LibreChat versions 0.7.6 and earlier
  • LibreChat PUT /api/keys endpoint
  • All configured AI provider integrations (OpenAI, Anthropic, Azure, and others)

Discovery Timeline

  • 2026-06-02 - CVE-2026-31942 published to NVD
  • 2026-06-02 - Last updated in NVD database

Technical Details for CVE-2026-31942

Vulnerability Analysis

The vulnerability resides in LibreChat's API keys management handler. The endpoint accepts a JSON request body containing the provider key configuration and persists it against a user identifier. The handler sets the authenticated user's ID and then merges the request body using the JavaScript object spread operator. Because the spread occurs after the authoritative userId assignment, attacker-supplied properties in the body override the server-derived value. An authenticated low-privilege user can therefore target any other user's record by submitting their userId in the payload. The result is an authorization bypass that allows cross-tenant write access to sensitive credential storage.

Root Cause

The root cause is improper authorization enforcement combined with unsafe object merging. The server treats the authenticated session as sufficient to authorize a write while allowing client-controlled fields to redefine the target object identifier. There is no server-side check that the userId in the merged object matches the session principal before the update is committed.

Attack Vector

Exploitation requires only a valid authenticated session on the target LibreChat instance. The attacker sends a PUT request to /api/keys containing a userId field set to the victim's identifier along with attacker-controlled key material. The application overwrites the victim's stored provider keys with the attacker's values. Subsequent victim conversations can be routed through the attacker's API account, exposing prompts and responses, or the victim can be denied service if the injected key is invalid.

No verified public exploit code is available. See the GitHub Security Advisory GHSA-5jcj-rh68-cgj7 for technical details.

Detection Methods for CVE-2026-31942

Indicators of Compromise

  • Unexpected modifications to the LibreChat API keys collection where the modifying session principal differs from the record owner.
  • PUT /api/keys requests whose JSON body contains a userId field, especially one that does not match the authenticated session user.
  • Outbound traffic from LibreChat to AI provider endpoints using API keys that do not match the configured organizational keys.

Detection Strategies

  • Inspect application and reverse-proxy logs for PUT /api/keys requests, decoding bodies to identify userId parameter injection.
  • Correlate database audit records for the keys collection with the authenticated user ID from the corresponding HTTP session.
  • Alert on sudden changes in provider key fingerprints or quota usage anomalies on linked OpenAI, Anthropic, or Azure accounts.

Monitoring Recommendations

  • Enable verbose request logging on the LibreChat API tier and forward logs to a centralized analytics platform for retention and search.
  • Monitor provider billing dashboards for unexpected key rotation or unfamiliar usage patterns.
  • Track failed AI provider authentication errors reported to end users, which may indicate keys were overwritten with invalid values.

How to Mitigate CVE-2026-31942

Immediate Actions Required

  • Upgrade LibreChat to version 0.8.3-rc1 or later, where the spread-operator ordering issue is patched.
  • Rotate all provider API keys (OpenAI, Anthropic, Azure, and others) configured by users on affected instances.
  • Audit the keys collection for records whose last-modified timestamp falls within the exposure window and validate them with the owning users.

Patch Information

The maintainers fixed the issue in LibreChat 0.8.3-rc1 by reordering the assignment so that the authenticated user's ID is applied after the request body spread, preventing client override. Refer to the LibreChat GitHub Security Advisory for the patch commit and release notes.

Workarounds

  • Restrict access to the LibreChat instance to trusted users only until the upgrade is applied.
  • Place a reverse proxy or web application firewall rule in front of /api/keys that rejects request bodies containing a userId field.
  • Temporarily disable end-user provider key management and centrally configure provider keys via environment variables.
bash
# Example NGINX rule to block userId injection in /api/keys requests
location /api/keys {
    if ($request_method = PUT) {
        access_by_lua_block {
            ngx.req.read_body()
            local body = ngx.req.get_body_data() or ""
            if string.find(body, '"userId"') then
                ngx.exit(403)
            end
        }
    }
    proxy_pass http://librechat_upstream;
}

Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

Default Legacy - Prefooter | Experience the World’s Most Advanced Cybersecurity Platform

Experience the Most Advanced Cybersecurity Platform

See how the world’s most intelligent, autonomous cybersecurity platform can protect your organization today and into the future.