CVE-2026-7844 | chatchat-space Langchain-Chatchat up to 0.3.1.3 Compatible File Service openai_routes.py missing authentication (Issue 5465)

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. It has been declared as critical. This vulnerability affects the function files/list_files/retrieve_file/retrieve_file_content/delete_file of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Compatible File Service. The manipulation results in missing authentication.

This vulnerability is reported as CVE-2026-7844. The attacker must have access to the local network to execute the attack. Moreover, an exploit is present.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7844 | chatchat-space Langchain-Chatchat up to 0.3.1.3 Compatible File Service openai_routes.py missing authentication (Issue 5465)

Post correlati

CVE-2025-5879 | WuKongOpenSource WukongCRM 9.0 File Upload AdminSysConfigController.java cross site scripting

CVE-2026-3944 | itsourcecode University Management System 1.0 /att_add.php Name sql injection

CVE-2024-12658 | IObit Advanced SystemCare Utimate up to 17.0.0 IOCTL AscRegistryFilter.sys 0x8001E01C null pointer dereference

CVE-2024-3656 | Red Hat Keycloak REST API Privilege Escalation (GHSA-2cww-fgmg-4jqc)