Executive Summary

CVE-2026-7847 is a vulnerability in Langchain-Chatchat (up to version 0.3.1.3) where file identifiers for the OpenAI-compatible /v1/files API are generated in a predictable and deterministic way.

The file ID is created by base64-encoding a string composed of the purpose, date, and filename without any random component, making it fully predictable.

This allows attackers who know or can guess the upload date and filename to construct valid file identifiers for any uploaded file.

As a result, attackers can perform targeted file reads, overwrites, or deletions through the /v1/files/{file_id} endpoints.

The vulnerability is classified under CWE-330 (Use of Insufficiently Random Values) and affects the function _get_file_id in the file openai_routes.py.

The suggested fix is to incorporate a random unique identifier (such as a UUID) into the file ID generation process to ensure unpredictability.

Useful 0 Not Useful 0

Impact Analysis

This vulnerability can allow an attacker with access to the local network to predict and construct valid file IDs for any uploaded file.

With these file IDs, an attacker can perform unauthorized targeted file reads, overwrites, or deletions via the API endpoints.

Such unauthorized access can lead to data exposure, data tampering, or loss of important files.

Additionally, there is no audit trail for file access, making it difficult to detect or trace malicious activity.

Useful 0 Not Useful 0

Detection Guidance

This vulnerability can be detected by checking if the file identifiers used by the /v1/files API in Langchain-Chatchat are generated in a predictable manner. Specifically, the file ID is a base64-encoded string composed only of the purpose, date, and filename without any random component.

To detect this on your system, you can attempt to enumerate file IDs by guessing or listing common filenames and upload dates, then base64-encode these components to see if the resulting file IDs are accepted by the API endpoints.

Suggested commands include using base64 encoding tools to generate potential file IDs and curl or similar HTTP clients to test access to the /v1/files/{file_id} endpoints. For example:

• Generate a file ID by base64-encoding a string like "purpose:date:filename": `echo -n "purpose:2026-05-01:example.txt" | base64`
• Test access to the file using curl: `curl -v http://<target>/v1/files/<generated_file_id>`

If the server responds with file data or any indication that the file ID is valid, it confirms the presence of the vulnerability.

Useful 0 Not Useful 0

Mitigation Strategies

Immediate mitigation steps include modifying the file ID generation process to incorporate a unique random component, such as a UUID, to ensure unpredictability of file identifiers.

Since the vulnerability arises from deterministic file ID generation, adding randomness prevents attackers from guessing valid file IDs.

Additionally, restrict access to the /v1/files API endpoints to trusted users or networks, and implement logging and audit trails for file access to detect unauthorized attempts.

If you are using a vulnerable version (up to 0.3.1.3), consider upgrading to a fixed version once available or applying patches that address this issue.

Useful 0 Not Useful 0

Compliance Impact

The vulnerability in Langchain-Chatchat allows attackers to predict and construct valid file identifiers, enabling unauthorized targeted file reads, overwrites, or deletions. This lack of unpredictability and absence of an audit trail for file access could lead to unauthorized access to sensitive data.

Such unauthorized access and manipulation of files may result in non-compliance with data protection regulations like GDPR and HIPAA, which require strict controls on data confidentiality, integrity, and auditability.

Specifically, the inability to prevent unauthorized file access and the lack of audit trails could violate principles of data security and accountability mandated by these standards.

Useful 0 Not Useful 0