CVE-2026-34371
Path Traversal in LibreChat 0.8.4 Allows Arbitrary File Write
Publication date: 2026-04-07
Last updated on: 2026-04-14
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| librechat | librechat | to 0.8.4 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in LibreChat versions prior to 0.8.4. LibreChat trusts the name field returned by the execute_code sandbox when saving code-generated artifacts. If a malicious user includes directory traversal sequences (like ../../../../../app/client/dist/poc.txt) in the artifact filename, the server concatenates this filename into the destination path without sanitizing it. As a result, the server writes files to arbitrary locations on the server filesystem with the permissions of the LibreChat server user.
How can this vulnerability impact me? :
This vulnerability allows an attacker who can trigger the execute_code feature to write arbitrary files on the server. This can lead to unauthorized modification or creation of files, potentially allowing code injection, defacement, or disruption of the application. Since the write operation is performed with the server user's permissions, it could compromise the integrity of the server environment.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade LibreChat to version 0.8.4 or later, where the issue has been fixed.
Avoid using the default local file strategy if possible, or ensure that any filenames returned by the execute_code sandbox are properly sanitized before being used in file operations.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The vulnerability allows arbitrary file writes by an attacker with low privileges, potentially enabling persistent cross-site scripting (XSS) and integrity violations on the LibreChat server.
While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the ability to write arbitrary files and overwrite application assets could lead to unauthorized data manipulation or exposure, which may impact compliance with data protection and integrity requirements in these regulations.
Organizations using affected versions of LibreChat with local file storage should consider this vulnerability a risk to data integrity and application security, potentially affecting their compliance posture under standards that require protection against unauthorized data modification.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if your LibreChat deployment is running a vulnerable version prior to 0.8.4 and if the execute_code feature is enabled with the local file storage strategy. Detection involves monitoring for suspicious file writes with path traversal sequences in artifact filenames.
You can look for files written outside the expected upload directories, especially files with names containing traversal sequences like '../../' or files unexpectedly appearing in directories such as app/client/dist.
Suggested commands to detect exploitation attempts or presence of malicious files include:
- Find files with traversal patterns in their names or unexpected locations: `find /path/to/librechat/uploads -type f -name '*..*'`
- Search for suspicious files in the frontend directory (example path): `ls -l /path/to/librechat/app/client/dist/poc.txt`
- Check recent file writes or modifications outside the upload directory: `find /path/to/librechat -type f -mtime -7` (to find files modified in the last 7 days)
- Monitor server logs or application logs for calls to execute_code that result in artifact filenames containing path traversal sequences.
Additionally, reviewing the source code or deployment configuration to confirm if the vulnerable code paths exist (e.g., usage of processCodeOutput with unsanitized filenames) can help detect the vulnerability.