HarborGuardharborguardDatabase
Back to search
HIGHCVE-2026-31942Published Modified CNA GitHub_M

CVE-2026-31942: LibreChat has IDOR in API Keys Management that allows any authenticated user to overwrite other users' API keys

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread operator after setting the authenticated user's ID, any authenticated user can inject a userId parameter in the request body to overwrite any other user's API keys (e.g., OpenAI, Anthropic, Azure). This allows an attacker to replace a victim's API key configuration, potentially routing the victim's conversations through attacker-controlled keys or denying service by providing invalid keys. This is patched in version 0.8.3-rc1.

Metrics

CVSS v3.1
7.1
Severity
HIGH
Fixed in
Affected Products
1

Get notified

Email me when this CVE is updated: new fix versions, severity changes, or any record change.

HarborGuard Analysis

Synopsis

An Insecure Direct Object Reference (IDOR) vulnerability exists in LibreChat versions up to and including 0.7.6, affecting the API keys management endpoint (PUT /api/keys). Any authenticated user can inject a userId parameter into a request body to overwrite another user's stored API key configuration for providers such as OpenAI, Anthropic, and Azure. Successful exploitation lets an attacker silently redirect a victim's AI conversations through attacker-controlled keys or break the victim's service entirely by supplying invalid keys. A fix is available in version 0.8.3-rc1; a patched-image rebuild is available on HarborGuard for environments running an affected version.

HarborGuard Coverage

Detection

Detection of CVE-2026-31942 is available across every HarborGuard environment, with the CVE matched against customer images within minutes of ingestion from upstream advisory feeds, including custom-built images that bundle LibreChat. Coverage applies to both registry scans and CI/CD pipeline checks.

Available
Triage

HarborGuard scores this CVE at 7.1 HIGH using the CVSS v3.1 vector and applies per-environment compliance policy weighting to determine urgency and routing. Triage alerts are directed to the appropriate team inbox within each customer organization based on configured ownership rules.

Available
Patch

Because no upstream stable fix has been published yet (only 0.8.3-rc1 is available), HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment a stable fix version is released upstream. For customers who opt into auto-remediation, that rebuild will trigger a regression run and a PR opened against affected workloads automatically once the upstream release lands.

Pending upstream

Exploit Conditions

  • Network reachabilityRequired

    The vulnerable endpoint is exposed over the network, so an attacker must be able to reach the LibreChat service via HTTP.

  • AuthenticationRequired

    Any low-privilege authenticated account is sufficient; the attacker only needs a valid login to the LibreChat instance.

  • Victim interactionNot required

    No action is required from the victim; the attacker submits a crafted PUT request directly without any social engineering.

  • Attack complexityDetail

    The exploit is straightforward and condition-free, requiring only the ability to add a userId field to the request body with no race conditions or special environment setup.

Blast Radius

  • Overwrites another user's stored API key configuration for providers such as OpenAI, Anthropic, and Azure, silently redirecting that user's AI conversations through attacker-controlled credentials.
  • Allows the attacker to monitor or log conversations routed through the substituted API keys on infrastructure they control.
  • Denies service to the targeted user by replacing valid API keys with invalid ones, causing all AI requests from that account to fail.

How HarborGuard Handles This

Available on HarborGuard: detection for CVE-2026-31942 is active against any image found to bundle an affected LibreChat version (up to and including 0.7.6). Because only a release candidate fix (0.8.3-rc1) exists and no stable upstream release has been cut, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment a stable fix is published. In the interim, compensating controls worth considering include network-policy rules that restrict PUT /api/keys access to trusted internal clients only, egress filtering to block unexpected external API key destinations, and disabling multi-user API key sharing features via LibreChat configuration flags if your deployment allows it. For customers who opt into auto-remediation, a rebuild, regression run, and PR against affected workloads will be triggered automatically once the upstream stable release lands, with a typical median time from CVE publication to merged patch PR of around 90 minutes for high-severity issues in environments with auto-remediation enabled.

See how HarborGuard automates this
Affected packages
  • danny-avila / LibreChat
    < 0.8.3-rc1
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
References