CVE-2026-34371
Received Received - Intake
Path Traversal in LibreChat 0.8.4 Allows Arbitrary File Write

Publication date: 2026-04-07

Last updated on: 2026-04-14

Assigner: GitHub, Inc.

Description
LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the execute_code sandbox when persisting code-generated artifacts. On deployments using the default local file strategy, a malicious artifact filename containing traversal sequences (for example, ../../../../../app/client/dist/poc.txt) is concatenated into the server-side destination path and written with fs.writeFileSync() without sanitization. This gives any user who can trigger execute_code an arbitrary file write primitive as the LibreChat server user. This vulnerability is fixed in 0.8.4.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-04-07
Last Modified
2026-04-14
Generated
2026-06-16
AI Q&A
2026-04-08
EPSS Evaluated
2026-06-15
NVD
CVE-2026-34371
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
librechat librechat to 0.8.4 (exc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability exists in LibreChat versions prior to 0.8.4. LibreChat trusts the name field returned by the execute_code sandbox when saving code-generated artifacts. If a malicious user includes directory traversal sequences (like ../../../../../app/client/dist/poc.txt) in the artifact filename, the server concatenates this filename into the destination path without sanitizing it. As a result, the server writes files to arbitrary locations on the server filesystem with the permissions of the LibreChat server user.

Impact Analysis

This vulnerability allows an attacker who can trigger the execute_code feature to write arbitrary files on the server. This can lead to unauthorized modification or creation of files, potentially allowing code injection, defacement, or disruption of the application. Since the write operation is performed with the server user's permissions, it could compromise the integrity of the server environment.

Mitigation Strategies

To mitigate this vulnerability, upgrade LibreChat to version 0.8.4 or later, where the issue has been fixed.

Avoid using the default local file strategy if possible, or ensure that any filenames returned by the execute_code sandbox are properly sanitized before being used in file operations.

Compliance Impact

The vulnerability allows arbitrary file writes by an attacker with low privileges, potentially enabling persistent cross-site scripting (XSS) and integrity violations on the LibreChat server.

While the CVE description and resources do not explicitly mention compliance with standards such as GDPR or HIPAA, the ability to write arbitrary files and overwrite application assets could lead to unauthorized data manipulation or exposure, which may impact compliance with data protection and integrity requirements in these regulations.

Organizations using affected versions of LibreChat with local file storage should consider this vulnerability a risk to data integrity and application security, potentially affecting their compliance posture under standards that require protection against unauthorized data modification.

Detection Guidance

This vulnerability can be detected by checking if your LibreChat deployment is running a vulnerable version prior to 0.8.4 and if the execute_code feature is enabled with the local file storage strategy. Detection involves monitoring for suspicious file writes with path traversal sequences in artifact filenames.

You can look for files written outside the expected upload directories, especially files with names containing traversal sequences like '../../' or files unexpectedly appearing in directories such as app/client/dist.

Suggested commands to detect exploitation attempts or presence of malicious files include:

  • Find files with traversal patterns in their names or unexpected locations: `find /path/to/librechat/uploads -type f -name '*..*'`
  • Search for suspicious files in the frontend directory (example path): `ls -l /path/to/librechat/app/client/dist/poc.txt`
  • Check recent file writes or modifications outside the upload directory: `find /path/to/librechat -type f -mtime -7` (to find files modified in the last 7 days)
  • Monitor server logs or application logs for calls to execute_code that result in artifact filenames containing path traversal sequences.

Additionally, reviewing the source code or deployment configuration to confirm if the vulnerable code paths exist (e.g., usage of processCodeOutput with unsanitized filenames) can help detect the vulnerability.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-34371. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart