CVE-2026-44654
File Deletion via Shared Agent in LibreChat
Publication date: 2026-06-02
Last updated on: 2026-06-03
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range | Status |
|---|---|---|---|
| librechat | librechat | up to and including 0.8.3 | affected |
| librechat | librechat | 0.8.4 and later | fixed |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | Incorrect Authorization: the product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. Here the check confirms that the requester may edit a shared agent, not that the requester owns the file being deleted. |
AI Powered Q&A
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This is an authorization flaw, so the offending request is a well-formed, authenticated DELETE to /api/files sent by a user who legitimately holds editor access on a shared agent. Nothing about the request itself is anomalous; what makes it a problem is that the file_id it removes is owned by someone else and is referenced by agents the requester cannot edit. Detection therefore means correlating DELETE /api/files requests with file ownership and with the agents that reference the deleted file_id, not just counting DELETE requests.
Start with the reverse-proxy or application access logs: every DELETE request to /api/files, together with the requesting account. Network capture is only useful where the traffic is in clear text at the capture point (for example on the loopback hop between a TLS-terminating proxy and the LibreChat process); on a TLS-encrypted link you will not see the method or path.
Suggested commands:
- Search the access log for DELETE requests to the endpoint (this assumes the log records the request line, as the common and combined formats do): grep 'DELETE /api/files' /path/to/access.log
- Capture DELETE requests on the wire with tcpdump; replace 80 with the port LibreChat or its proxy actually listens on. The BPF expression only passes TCP segments with a non-empty payload, and -l line-buffers the output so grep sees it promptly: tcpdump -A -s 0 -l 'tcp port 80 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) != 0)' | grep 'DELETE /api/files'
- Use application-level audit logging to record, for each file deletion, the requesting user and the file_id removed, then compare the requester with the file's owner and list every agent that still references that file_id. A deletion where the requester is not the owner, or where agents outside the requester's edit scope reference the file, is the finding, and the list of affected agents is the blast radius.
Also confirm the LibreChat version in use: versions up to and including 0.8.3 are affected, while 0.8.4 and later contain the fix.
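The correlation described in the last bullet, as an added example rather than anything shipped with LibreChat. It scans constructed JSON-lines audit records (the field names `user`, `method`, `path` and `file_id` are assumptions, not LibreChat's real log schema) against a constructed file-ownership table and agent-to-file map, and reports every DELETE /api/files whose requester is not the file's owner together with the agents that reference the deleted file.

```javascript
// Added detection example; not LibreChat code. The audit-log field names,
// the ownership table and the agent map below are all assumptions chosen
// to make the correlation readable.

// Constructed sample audit lines (one JSON object per line, plus one
// malformed line to show that bad input is skipped, not fatal).
const SAMPLE_AUDIT_LOG = [
  '{"ts":"2026-06-02T10:00:01Z","user":"alice","method":"GET","path":"/api/files"}',
  '{"ts":"2026-06-02T10:01:14Z","user":"alice","method":"DELETE","path":"/api/files","file_id":"f-100"}',
  '{"ts":"2026-06-02T10:02:30Z","user":"bob","method":"DELETE","path":"/api/files","file_id":"f-200"}',
  '{"ts":"2026-06-02T10:03:05Z","user":"bob","method":"DELETE","path":"/api/files","file_id":"f-300"}',
  'not json at all',
].join('\n');

// Constructed stand-ins for what would be pulled from the application database:
// which user owns each file, and which files each agent references.
const FILE_OWNERS = { 'f-100': 'alice', 'f-200': 'alice', 'f-300': 'bob' };
const AGENT_FILES = {
  'agent-shared': ['f-200'],            // alice's agent, shared with bob as editor
  'agent-private-1': ['f-200', 'f-100'], // alice's private agents reusing f-200
  'agent-private-2': ['f-200'],
};

// Parse one audit line; return null for anything that is not a JSON object.
function parseAuditLine(line) {
  try {
    const rec = JSON.parse(line);
    return rec && typeof rec === 'object' ? rec : null;
  } catch (e) {
    return null;
  }
}

// Every agent id whose file list contains fileId.
function agentsReferencing(fileId, agentFiles) {
  return Object.keys(agentFiles).filter((id) => agentFiles[id].includes(fileId));
}

// Flag DELETE /api/files requests where the requester is not the file owner.
// Each finding carries the agents that lose the file (the blast radius).
function findCrossOwnerDeletes(logText, fileOwners, agentFiles) {
  const findings = [];
  for (const line of logText.split('\n')) {
    const rec = parseAuditLine(line);
    if (!rec || rec.method !== 'DELETE' || typeof rec.path !== 'string') continue;
    if (!rec.path.startsWith('/api/files')) continue;
    const owner = fileOwners[rec.file_id];
    if (owner === undefined || owner === rec.user) continue; // unknown file or owner's own delete
    findings.push({
      ts: rec.ts,
      requester: rec.user,
      owner,
      file_id: rec.file_id,
      affected_agents: agentsReferencing(rec.file_id, agentFiles),
    });
  }
  return findings;
}

// Stand-alone run over the constructed data.
const findings = findCrossOwnerDeletes(SAMPLE_AUDIT_LOG, FILE_OWNERS, AGENT_FILES);
for (const f of findings) {
  console.log(`${f.ts} ${f.requester} deleted ${f.file_id} owned by ${f.owner}; ` +
    `agents affected: ${f.affected_agents.join(', ')}`);
}
```

The owner's own deletion of f-100 and bob's deletion of his own f-300 are not reported; only bob removing alice's f-200 is, with all three agents that referenced it listed. In a real deployment the two lookup tables would be queried from the LibreChat database rather than hard-coded.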
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.
Can you explain this vulnerability to me?
This vulnerability exists in LibreChat versions up to and including 0.8.3. A user who has been granted editor access to a shared agent can, through the DELETE /api/files endpoint, delete file records that the agent's owner has also attached to other agents. The deletion is global: the file record is removed, not merely detached from the shared agent. The owner's other, private agents still hold references to the same file_id, so they break silently, pointing at a file that no longer exists. The authorization check confirms that the requester may edit the shared agent but never that the requester owns the file, so edit access to one agent improperly affects every other agent that reuses the file, violating cross-agent integrity.
The issue was fixed in version 0.8.4.
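The authorization pattern behind this bug, as an added illustration that is not LibreChat's code: the in-memory state, the permission model and the handler names are assumptions made for readability, and the hardened handler shows one way to restore the property (only the file's owner may delete the record; an editor acting through a shared agent may only detach the file from that agent), not the actual patch in 0.8.4.

```javascript
// Added illustration of the CWE-863 pattern; NOT LibreChat's implementation.
// State shape, permission model and function names are assumptions.

// Constructed state: alice owns file f-200 and reuses it in a shared agent
// (bob is an editor) and in a private agent bob cannot edit.
function makeState() {
  return {
    files: { 'f-200': { owner: 'alice' } },
    agents: {
      'agent-shared':    { owner: 'alice', editors: ['bob'], files: ['f-200'] },
      'agent-private-1': { owner: 'alice', editors: [],      files: ['f-200'] },
    },
  };
}

function canEditAgent(state, user, agentId) {
  const a = state.agents[agentId];
  return !!a && (a.owner === user || a.editors.includes(user));
}

// Vulnerable: the check asks "may this user edit some agent that references the
// file?" and then deletes the file record itself. The other agents keep their
// references, which now dangle.
function deleteFileVulnerable(state, user, fileId) {
  const viaAgent = Object.keys(state.agents).find(
    (id) => state.agents[id].files.includes(fileId) && canEditAgent(state, user, id),
  );
  if (!viaAgent) return { status: 403 };
  delete state.files[fileId]; // global deletion; agent references left stale
  return { status: 200 };
}

// Hardened: the record is deleted only by its owner (and the owner's references
// are cleaned up). A non-owner with edit rights on a given agent may only
// detach the file from that agent, so other agents keep a valid reference.
function deleteFileHardened(state, user, fileId, agentId) {
  const file = state.files[fileId];
  if (!file) return { status: 404 };
  if (file.owner === user) {
    delete state.files[fileId];
    for (const a of Object.values(state.agents)) {
      a.files = a.files.filter((f) => f !== fileId);
    }
    return { status: 200, action: 'deleted' };
  }
  if (agentId && canEditAgent(state, user, agentId)) {
    const a = state.agents[agentId];
    a.files = a.files.filter((f) => f !== fileId);
    return { status: 200, action: 'detached' };
  }
  return { status: 403 };
}

// Cross-agent integrity check: every agent file reference must resolve.
function danglingReferences(state) {
  const out = [];
  for (const [id, a] of Object.entries(state.agents)) {
    for (const f of a.files) if (!state.files[f]) out.push({ agent: id, file_id: f });
  }
  return out;
}

// Run bob, the shared-agent editor, against both handlers.
function runDemo() {
  const v = makeState();
  const rv = deleteFileVulnerable(v, 'bob', 'f-200');
  const h = makeState();
  const rh = deleteFileHardened(h, 'bob', 'f-200', 'agent-shared');
  return {
    vulnerable: { status: rv.status, dangling: danglingReferences(v) },
    hardened: {
      status: rh.status,
      action: rh.action,
      fileStillExists: !!h.files['f-200'],
      privateAgentFiles: h.agents['agent-private-1'].files,
      dangling: danglingReferences(h),
    },
  };
}

console.log(JSON.stringify(runDemo(), null, 2));
```

With the vulnerable handler bob's request succeeds and both of alice's agents are left with a stale reference to f-200; with the hardened handler the same request only detaches the file from the shared agent, the record survives, and the private agent still resolves. The `danglingReferences` walk is also the kind of check to run after cleaning up an affected instance.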
How can this vulnerability impact me? :
This vulnerability can disrupt your private agents in LibreChat. If a user with editor access to one of your shared agents deletes a file that you have reused across multiple agents, the file record is gone for all of them, and your private agents are left with stale references. Functionality that depends on those files may then fail without an obvious error, which is a loss of integrity for the affected agents and a source of unexpected behaviour that is hard to trace back to the deletion.
What immediate steps should I take to mitigate this vulnerability?
Upgrade LibreChat to version 0.8.4 or later, which contains the fix. Until the upgrade is done, review which users hold editor access on shared agents and avoid attaching files to a shared agent that are also referenced by private agents, since that reuse is what turns a deletion by an editor into cross-agent breakage. After upgrading, check existing agents for references to files that no longer exist and re-attach or remove them.