A vulnerability classified as problematic has been discovered in chatchat-space Langchain-Chatchat up to 0.3.1.3. It affects the function files in the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File Upload API. Manipulating the argument file.filename leads to a time-of-check time-of-use (TOCTOU) condition.
This vulnerability is tracked as CVE-2026-7846. The attack requires access to the local network. Furthermore, an exploit is available.
The project was informed of the problem early through an issue report but has not responded yet.
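
The following added example is not Langchain-Chatchat code and does not reproduce the affected function, which this page does not show. It illustrates the general TOCTOU class in an upload handler that builds a path from a client-supplied filename, next to a hardened form that makes the check and the create a single step. All function names, the race_window test hook and the sample data are hypothetical and constructed for illustration.

```python
import os
import uuid


def save_check_then_use(upload_dir, client_filename, data, race_window=None):
    """Racy pattern: existence check and file creation are two separate steps."""
    path = os.path.join(upload_dir, os.path.basename(client_filename))
    if os.path.exists(path):                 # time of check
        raise FileExistsError(path)
    if race_window is not None:              # test hook: stands in for a concurrent request
        race_window(path)
    with open(path, "wb") as fh:             # time of use: state may have changed
        fh.write(data)
    return path


def save_atomic(upload_dir, client_filename, data, stored_name=None):
    """Hardened pattern: server-chosen name, check and create in one syscall."""
    stored_name = stored_name or uuid.uuid4().hex   # client name never becomes a path
    path = os.path.join(upload_dir, stored_name)
    # O_EXCL makes "must not exist" and "create" atomic; O_NOFOLLOW where available.
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)         # raises FileExistsError if path exists
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    # Keep the client-supplied name as metadata only.
    return path, os.path.basename(client_filename)


def demo(tmp_dir):
    """Constructed scenario: a second upload of the same name lands in the window."""
    def concurrent_upload(path):
        with open(path, "wb") as fh:
            fh.write(b"first writer")

    racy_path = save_check_then_use(tmp_dir, "report.txt", b"second writer",
                                    race_window=concurrent_upload)
    with open(racy_path, "rb") as fh:
        racy_result = fh.read()              # first writer's data silently replaced

    save_atomic(tmp_dir, "report.txt", b"first writer", stored_name="fixed")
    try:
        save_atomic(tmp_dir, "report.txt", b"second writer", stored_name="fixed")
        collision_detected = False
    except FileExistsError:
        collision_detected = True
    return racy_result, collision_detected
```

In the racy variant the check passes and the later write still replaces data created in between; in the hardened variant the same collision surfaces as FileExistsError, and the client filename is returned only as metadata.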