CVE-2026-7846
Deferred Deferred - Pending Action
Time-of-Check Time-of-Use in Langchain-Chatchat

Publication date: 2026-05-05

Last updated on: 2026-05-05

Assigner: VulDB

Description
A vulnerability has been found in chatchat-space Langchain-Chatchat up to 0.3.1.3. Impacted is the function files of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component OpenAI-Compatible File Upload API. Such manipulation of the argument file.filename leads to time-of-check time-of-use. Access to the local network is required for this attack to succeed. The attack requires a high level of complexity. The exploitability is considered difficult. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-05
Last Modified
2026-05-05
Generated
2026-06-16
AI Q&A
2026-05-05
EPSS Evaluated
2026-06-15
NVD
CVE-2026-7846
EUVD
EUVD-2026-27392
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
chatchat langchain-chatchat to 0.3.1.3 (inc)
chatchat-space langchain-chatchat to 0.3.1.3 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-367 The product checks the state of a resource before using that resource, but the resource's state can change between the check and the use in a way that invalidates the results of the check.
CWE-362 The product contains a concurrent code sequence that requires temporary, exclusive access to a shared resource, but a timing window exists in which the shared resource can be modified by another code sequence operating concurrently.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-7846 is a silent file overwrite vulnerability in Langchain-Chatchat versions up to 0.3.1.3. It occurs in the OpenAI-Compatible File Upload API, specifically in the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py. The vulnerability arises because the application constructs file paths deterministically using the file's purpose, date, and user-supplied filename without any conflict detection, deduplication, or per-user isolation.

This leads to a time-of-check to time-of-use (TOCTOU) race condition where if two users upload files with the same name on the same day, the second upload silently overwrites the first without warning or protection. The vulnerable code writes files directly without checking for existing files, allowing an attacker to replace legitimate files with malicious content.

An attacker can exploit this by uploading a file with the same name as a victim's file, causing the victim's file to be overwritten. This can result in the vision language model (LLM) fetching attacker-controlled images instead of the original uploads during image_url callbacks.

Impact Analysis

This vulnerability can impact you by allowing an attacker to silently overwrite files you upload if they use the same filename on the same day. This means your legitimate files can be replaced with malicious content without your knowledge.

The main impact is LLM input poisoning, where the vision chat system processes attacker-controlled images instead of your original uploads. This can lead to incorrect or malicious outputs from the system.

Additionally, the attack is stealthy because the frontend preview may still show the correct image, while the LLM fetches the replaced malicious file, making detection difficult.

Exploitation requires access to the local network and is considered difficult due to the high complexity of the attack.

Detection Guidance

This vulnerability can be detected by monitoring file uploads to the /v1/files endpoint and checking for silent overwrites of files with the same filename uploaded on the same day.

Specifically, detection involves verifying if files are being overwritten without warning or conflict detection, which can be done by comparing file hashes or timestamps for files with identical names uploaded by different users.

Commands to help detect this issue might include:

  • Using file system commands to check for multiple uploads with the same filename and different content, e.g., `ls -l` and `stat` to check timestamps and file sizes.
  • Using hash commands like `sha256sum` or `md5sum` on files in the upload directory to detect if files with the same name have different hashes over time.
  • Monitoring application logs for multiple uploads of files with the same name on the same day.

Since the vulnerability involves a race condition in file writes, network detection might be difficult, but monitoring for suspicious repeated uploads with identical filenames from different users could help.

Mitigation Strategies

Immediate mitigation steps include preventing filename collisions by modifying the file storage logic to include a unique identifier in the file path.

Specifically, the suggested fix is to update the `_get_file_id()` function to append a random UUID to the file path, ensuring that files uploaded with the same name do not overwrite each other.

Additionally, implementing conflict detection, deduplication, or per-user isolation in file storage can help prevent silent overwrites.

Until a patch is applied, restricting access to the vulnerable endpoint and monitoring uploads for suspicious activity may reduce risk.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7846. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart