CVE-2026-7847 | chatchat-space Langchain-Chatchat up to 0.3.1.3 Uploaded File openai_routes.py _get_file_id random values (Issue 5464)

A vulnerability identified as problematic has been detected in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values.

This vulnerability is known as CVE-2026-7847. Access to the local network is required for this attack. Furthermore, an exploit is available.

The project was informed of the problem early through an issue report but has not responded yet.

CVE-2026-7847 | chatchat-space Langchain-Chatchat up to 0.3.1.3 Uploaded File openai_routes.py _get_file_id random values (Issue 5464)

Post correlati

CVE-2026-33407 | ellite Wallos up to 4.6.x Endpoint search.php HTTP_PROXY/HTTPS_PROXY server-side request forgery

CVE-2024-40430 | SFTPGO 2.6.2 JWT Privilege Escalation

CVE-2024-36531 | NukeViet upload.php unrestricted upload

CVE-2025-70981 | CordysCRM 1.4.1 Employee List Query Interface /user/list departmentIds sql injection