CVE-2026-31943
Status: Received - Intake
SSRF Bypass in LibreChat Auth Allows Internal Network Access

Publication date: 2026-03-27

Last updated on: 2026-03-31

Assigner: GitHub, Inc.

Description
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources, including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue.
Meta Information
Generated: 2026-05-07
AI Q&A: 2026-03-27
EPSS Evaluated: 2026-05-05
Affected Vendors & Products (3 associated CPEs)
Vendor      Product     Version / Range
librechat   librechat   up to 0.8.3 (excluding 0.8.3)
librechat   librechat   0.8.3
librechat   librechat   0.8.3
CWE
CWE ID    Description
CWE-918   The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2026-31943 is a high-severity Server-Side Request Forgery (SSRF) vulnerability in the LibreChat npm package prior to version 0.8.3. The issue arises because the function isPrivateIP() fails to detect IPv4-mapped IPv6 addresses when they are normalized to a hexadecimal form by the Node.js URL parser.

Specifically, isPrivateIP() uses a regular expression to detect private IP addresses in dotted-decimal notation but does not recognize the hex-normalized IPv6 form. This causes the function to incorrectly treat private addresses as public.

As a result, an authenticated user with permission to create or execute agent actions can bypass SSRF protections and make the server issue HTTP requests to internal network resources, including cloud metadata services, loopback addresses, and RFC1918 private IP ranges.
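As an added illustration (not LibreChat's code; the dotted-decimal regex below is a hypothetical stand-in, not the project's actual `isPrivateIP()`), this shows how Node's WHATWG URL parser rewrites an IPv4-mapped literal, why a dotted-decimal-only check misses the rewritten form, and a replacement check that unwraps the mapping before comparing ranges:

```javascript
// Added example (not LibreChat's code): URL normalisation of an IPv4-mapped
// IPv6 literal, a naive check that misses it, and a check that unwraps it.

// The parser canonicalises a bracketed IPv6 host into compressed hex form, so
// "[::ffff:169.254.169.254]" comes back as "[::ffff:a9fe:a9fe]".
function normalizedHost(urlString) {
  return new URL(urlString).hostname;
}

// Hypothetical stand-in for a dotted-decimal-only regex (not the project's
// actual code): it never matches the hex form, so it returns false for it.
const PRIVATE_V4 = /^(10\.|127\.|169\.254\.|192\.168\.|172\.(1[6-9]|2\d|3[01])\.)/;
function isPrivateIPNaive(host) {
  return PRIVATE_V4.test(host);
}

// Convert a dotted-decimal host, or an IPv4-mapped IPv6 host in either form
// (::ffff:1.2.3.4 or ::ffff:0102:0304), to a 32-bit integer; null otherwise.
function toIPv4Int(host) {
  let h = host.replace(/^\[|\]$/g, '').toLowerCase();
  const mapped = h.match(/^(?:0{1,4}:){5}ffff:(.+)$|^::ffff:(.+)$/);
  if (mapped) h = mapped[1] ?? mapped[2];
  let m = h.match(/^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})$/);
  if (m) {
    const octets = m.slice(1).map(Number);
    if (octets.some((o) => o > 255)) return null;
    return octets.reduce((acc, o) => (acc << 8) | o, 0) >>> 0;
  }
  m = h.match(/^([0-9a-f]{1,4}):([0-9a-f]{1,4})$/);
  if (m) return ((parseInt(m[1], 16) << 16) | parseInt(m[2], 16)) >>> 0;
  return null;
}

// Ranges an agent-driven fetch should never reach: "this network", loopback,
// link-local (cloud metadata), and the RFC1918 private blocks.
const BLOCKED = [
  ['0.0.0.0', 8], ['10.0.0.0', 8], ['127.0.0.0', 8],
  ['169.254.0.0', 16], ['172.16.0.0', 12], ['192.168.0.0', 16],
].map(([net, bits]) => [toIPv4Int(net), bits]);

// Unwrap the IPv4 mapping before the range check. Other IPv6 ranges (fe80::/10,
// fc00::/7) and hostnames that need DNS resolution are outside this example.
function isPrivateIP(host) {
  const h = host.replace(/^\[|\]$/g, '').toLowerCase();
  if (h === '::1' || h === '::') return true;
  const ip = toIPv4Int(h);
  if (ip === null) return false;
  return BLOCKED.some(([net, bits]) => {
    const mask = (~0 << (32 - bits)) >>> 0;
    return ((ip & mask) >>> 0) === ((net & mask) >>> 0);
  });
}
```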


How can this vulnerability impact me?

This vulnerability allows any authenticated user with agent action permissions to perform SSRF attacks by bypassing the server's SSRF protection.

The attacker can make the server send HTTP requests to internal network resources that are normally inaccessible, such as cloud metadata services (e.g., AWS 169.254.169.254), loopback addresses (127.0.0.1), and private IP ranges.

This can lead to leakage of sensitive internal data, including cloud credentials and instance tokens, and unauthorized access to internal services, potentially compromising the security of the affected environment.


How can this vulnerability be detected on my network or system? Can you suggest some commands?

This vulnerability can be detected by monitoring for SSRF attempts that use IPv4-mapped IPv6 addresses in their hex-normalized form, which bypass the isPrivateIP() function's detection.

Specifically, look for HTTP requests originating from authenticated users that target internal network resources using URLs with IPv4-mapped IPv6 addresses, such as requests to cloud metadata services (e.g., http://[::ffff:169.254.169.254]/), loopback addresses, or RFC1918 private IP ranges.

Detection can combine network traffic inspection with log analysis to find requests whose URLs contain hex-normalized IPv6 addresses that map to internal IP ranges.

  • Use packet-capture tools such as tcpdump or Wireshark to filter plaintext HTTP requests whose Host header or URL contains an IPv6 literal with the ::ffff: prefix. TLS traffic (port 443) cannot be inspected this way.
  • Example tcpdump command (-l line-buffers the output so grep sees it as it arrives): tcpdump -l -i any -nn -s0 -A 'tcp port 80 or tcp port 443' | grep '\[::ffff:'
  • Analyze application logs for agent action creation or execution requests whose URLs contain IPv4-mapped IPv6 addresses, in either the dotted or the hex-normalized form.
  • Use grep or a similar tool on server logs; the character class below matches both forms: grep -E '\[::ffff:[0-9a-f:.]+\]' /path/to/logs

What immediate steps should I take to mitigate this vulnerability?

The immediate mitigation step is to upgrade LibreChat to version 0.8.3 or later, where the isPrivateIP() function correctly detects IPv4-mapped IPv6 addresses in their hex-normalized form.

Until the upgrade can be applied, restrict or disable agent action creation and execution permissions for authenticated users to limit the ability to exploit SSRF.

Additionally, implement network-level controls to block outgoing HTTP requests from the LibreChat server to internal IP ranges and cloud metadata service IPs (e.g., 169.254.169.254).

Monitor logs and network traffic for suspicious SSRF attempts using IPv4-mapped IPv6 addresses as described.


How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?

The SSRF vulnerability in LibreChat allows authenticated users to bypass protections and access internal network resources, including cloud metadata services that may contain sensitive credentials and data.

This exposure can lead to unauthorized access and potential leakage of sensitive information, which may violate data protection requirements under standards like GDPR and HIPAA that mandate safeguarding personal and sensitive data.

Specifically, the ability to access internal services and cloud metadata could result in breaches of confidentiality, undermining compliance with regulations that require strict controls over access to sensitive data.

