CVE-2026-31944 | danny-avila LibreChat up to 0.8.2-rc3 Model Context Protocol OAuth Callback Endpoint missing authentication (GHSA-vf7j-7mrx-hp7g)

Inserito da Angelo Barbosa | Mar 13, 2026 | CVE

A vulnerability classified as critical was found in danny-avila LibreChat up to 0.8.2-rc3. This issue affects some unknown processing of the component Model Context Protocol OAuth Callback Endpoint. The manipulation results in missing authentication.

This vulnerability is identified as CVE-2026-31944. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-31944 | danny-avila LibreChat up to 0.8.2-rc3 Model Context Protocol OAuth Callback Endpoint missing authentication (GHSA-vf7j-7mrx-hp7g)

Post correlati

CVE-2024-31741 | MiniCMS 1.11 cross site scripting (Issue 49)

CVE-2024-41108 | FOGproject FOG prior 1.5.10.41 Hostinfo Page information disclosure (GHSA-p3f9-4jj4-fm2g)

CVE-2024-45229 | Versa Director prior 22.1.4 20240909 Device Registration /vnms/devicereg/device/ improper authentication

CVE-2024-53743 | FlickDevs Countdown Timer for Elementor Plugin up to 1.3.6 on WordPress cross site scripting