CVE-2026-54030 | LibreChat is an enhanced ChatGPT clone that supports multipl… | CVSS 8.0 HIGH

Description

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL, allowing a malicious MCP server to steal access tokens intended for a legitimate server. This vulnerability is fixed in 0.8.5.

Metadata

CVE ID: CVE-2026-54030
State: PUBLISHED
Assigner: GitHub_M
Reserved: 2026-06-11 16:57 UTC
Published: 2026-06-25 15:48 UTC
Last updated: 2026-06-25 15:48 UTC
Primary CWE: CWE-346
CWE-346: Origin Validation Error
Vendor / Product: danny-avila / LibreChat
Sources: cve.org · NVD

Severity & Metrics

8.0 HIGH CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

Affected products (1)

Vendor	Product	Platform	Versions
danny-avila	LibreChat	—	< 0.8.5

Weakness (CWE)

CWE	Source	Description
CWE-346	cna	CWE-346: Origin Validation Error

CVSS scores (1)

Score	Severity	Version	Source	Vector
8.0	HIGH	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:N

References (1)

https://github.com/danny-avila/LibreChat/security/advisories/GHSA-gvpj-vm2f-2m23 https://github.com/danny-avila/LibreChat/security/advisories/GHSA-gvpj-vm2f-2m23