CVE-2026-7844 Overview
CVE-2026-7844 is a missing authentication vulnerability [CWE-287] affecting chatchat-space Langchain-Chatchat versions up to 0.3.1.3. The flaw resides in the Compatible File Service component, specifically in the files, list_files, retrieve_file, retrieve_file_content, and delete_file functions defined in libs/chatchat-server/chatchat/server/api_server/openai_routes.py. Attackers with adjacent network access can invoke these file endpoints without authentication. A public exploit is available, and the maintainers have not responded to the original issue report. The vulnerability impacts confidentiality, integrity, and availability of files managed by the service.
Critical Impact
Unauthenticated adjacent-network attackers can list, retrieve, and delete files through the Langchain-Chatchat OpenAI-compatible file API, exposing user data and disrupting service.
Affected Products
- chatchat-space Langchain-Chatchat versions up to and including 0.3.1.3
- Component: Compatible File Service (openai_routes.py)
- Deployments exposing the API server on local or adjacent networks
Discovery Timeline
- 2026-05-05 - CVE-2026-7844 published to the National Vulnerability Database
- 2026-05-05 - Last updated in NVD database
Technical Details for CVE-2026-7844
Vulnerability Analysis
The vulnerability resides in the OpenAI-compatible file API exposed by the Langchain-Chatchat server. The file libs/chatchat-server/chatchat/server/api_server/openai_routes.py defines five endpoints handling file lifecycle operations: files, list_files, retrieve_file, retrieve_file_content, and delete_file. None of these endpoints enforce authentication or session validation before processing requests. An attacker reachable on the same local or adjacent network segment can issue HTTP requests to enumerate uploaded files, download their content, or delete them. Because Langchain-Chatchat is commonly used to ingest enterprise documents for retrieval-augmented generation, the exposed files often contain sensitive corporate data. The CWE-287 classification reflects this complete absence of identity verification on a privileged file management interface.
Root Cause
The root cause is the omission of authentication middleware on the OpenAI-compatible file routes. The handlers process incoming requests directly without inspecting bearer tokens, API keys, or session cookies. This represents a design oversight in the API server layer, which fails to apply consistent access control across endpoints.
Attack Vector
Exploitation requires adjacent network access (AV:A) and no privileges or user interaction. An attacker on the same network segment as the Langchain-Chatchat instance crafts standard HTTP requests against the vulnerable endpoints. The attacker can list all stored files, retrieve their full content, and delete arbitrary files. A proof-of-concept demonstrating each endpoint is publicly available on the GitHub PoC Repository. The exploitation does not require any prior reconnaissance beyond identifying a reachable Langchain-Chatchat host.
No verified code examples are available. Refer to the GitHub Issue Tracker and the VulDB #361123 entries for additional technical context.
Detection Methods for CVE-2026-7844
Indicators of Compromise
- Unexpected HTTP requests to /v1/files, /v1/files/{file_id}, and /v1/files/{file_id}/content endpoints from internal hosts not associated with legitimate clients
- Unexplained deletions or enumeration of uploaded knowledge-base documents
- Outbound transfer of large volumes of file content from the Langchain-Chatchat host
Detection Strategies
- Enable verbose access logging on the Langchain-Chatchat API server and alert on any request to file endpoints lacking an Authorization header
- Deploy network IDS rules that flag HTTP GET and DELETE traffic to OpenAI-compatible file routes from non-allowlisted source IPs
- Correlate web server logs with EPSS telemetry (current score 0.031%) to prioritize investigation as exploitation activity rises
Monitoring Recommendations
- Continuously monitor the host filesystem and object storage backing Langchain-Chatchat for unauthorized read or delete operations
- Track API request rates per source IP and alert on anomalous bursts targeting file endpoints
- Review reverse proxy logs for unauthenticated access patterns to openai_routes.py handlers
How to Mitigate CVE-2026-7844
Immediate Actions Required
- Restrict network exposure of Langchain-Chatchat to trusted hosts using firewall rules or service mesh policies
- Place the API server behind an authenticating reverse proxy that validates bearer tokens before forwarding requests
- Audit existing file storage for unauthorized access or tampering and rotate any sensitive content previously uploaded
Patch Information
No official patch is available at the time of publication. The maintainers have not responded to the GitHub Issue Tracker report. Track the GitHub Project Repository for upstream fixes and apply them when released.
Workarounds
- Add authentication middleware to the FastAPI router defined in libs/chatchat-server/chatchat/server/api_server/openai_routes.py to require a valid API key on all file endpoints
- Bind the Langchain-Chatchat server to 127.0.0.1 and tunnel access through SSH or a VPN until a patch is available
- Disable the OpenAI-compatible file endpoints if they are not required by downstream integrations
# Example: restrict access with iptables until a patch ships
iptables -A INPUT -p tcp --dport 7861 -s 10.0.0.0/8 -j DROP
iptables -A INPUT -p tcp --dport 7861 -s 192.168.0.0/16 -j DROP
iptables -A INPUT -p tcp --dport 7861 -s 127.0.0.1 -j ACCEPT
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.
