Executive Summary

CVE-2026-31943 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in the LibreChat npm package prior to version 0.8.3. The issue arises because the function isPrivateIP() fails to detect IPv4-mapped IPv6 addresses when they are normalized to a hexadecimal form by the Node.js URL parser.

Specifically, isPrivateIP() uses a regular expression to detect private IP addresses in dotted-decimal notation but does not recognize the hex-normalized IPv6 form. This causes the function to incorrectly treat private addresses as public.

As a result, an authenticated user with permission to create or execute agent actions can bypass SSRF protections and make the server issue HTTP requests to internal network resources, including cloud metadata services, loopback addresses, and RFC1918 private IP ranges.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability allows any authenticated user with agent action permissions to perform SSRF attacks by bypassing the server's SSRF protection.

The attacker can make the server send HTTP requests to internal network resources that are normally inaccessible, such as cloud metadata services (e.g., AWS 169.254.169.254), loopback addresses (127.0.0.1), and private IP ranges.

This can lead to leakage of sensitive internal data, including cloud credentials and instance tokens, and unauthorized access to internal services, potentially compromising the security of the affected environment.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by monitoring for SSRF attempts that use IPv4-mapped IPv6 addresses in their hex-normalized form, which bypass the isPrivateIP() function's detection.

Specifically, look for HTTP requests originating from authenticated users that target internal network resources using URLs with IPv4-mapped IPv6 addresses, such as requests to cloud metadata services (e.g., http://[::ffff:169.254.169.254]/), loopback addresses, or RFC1918 private IP ranges.

Commands to detect such activity could include network traffic inspection tools or log analysis to find requests with IPv6 addresses in hex-normalized form targeting internal IP ranges.

• Use network packet capture tools like tcpdump or Wireshark to filter for HTTP requests containing IPv6 addresses with the ::ffff: prefix.
• Example tcpdump command: tcpdump -i any -nn -s0 -A 'tcp port 80 or tcp port 443' | grep '\[::ffff:'
• Analyze application logs for agent action creation or execution requests containing IPv4-mapped IPv6 addresses in URLs.
• Use grep or similar tools on server logs: grep -E '\[::ffff:[0-9a-f:]+\]' /path/to/logs

Useful 0 Not Useful 0

Mitigation Strategies

The immediate mitigation step is to upgrade LibreChat to version 0.8.3 or later, where the isPrivateIP() function correctly detects IPv4-mapped IPv6 addresses in their hex-normalized form.

Until the upgrade can be applied, restrict or disable agent action creation and execution permissions for authenticated users to limit the ability to exploit SSRF.

Additionally, implement network-level controls to block outgoing HTTP requests from the LibreChat server to internal IP ranges and cloud metadata service IPs (e.g., 169.254.169.254).

Monitor logs and network traffic for suspicious SSRF attempts using IPv4-mapped IPv6 addresses as described.

Useful 0 Not Useful 0

Compliance Impact

The SSRF vulnerability in LibreChat allows authenticated users to bypass protections and access internal network resources, including cloud metadata services that may contain sensitive credentials and data.

This exposure can lead to unauthorized access and potential leakage of sensitive information, which may violate data protection requirements under standards like GDPR and HIPAA that mandate safeguarding personal and sensitive data.

Specifically, the ability to access internal services and cloud metadata could result in breaches of confidentiality, undermining compliance with regulations that require strict controls over access to sensitive data.

Useful 0 Not Useful 0