CVE-2026-54024
Analyzed Analyzed - Analysis Complete

Disk Space Exhaustion via File Upload in LibreChat

Vulnerability report for CVE-2026-54024, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-25

Last updated on: 2026-06-29

Assigner: GitHub, Inc.

Description

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added limits: { fileSize } to createMulterInstance() in the file upload routes. However, the POST /api/convos/import endpoint uses a separate multer instance that was never updated with the same limits configuration. Combined with the application-level size check being disabled by default (the CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES env var is commented out in .env.example), an authenticated user can upload arbitrarily large files to exhaust server disk space and memory. This vulnerability is fixed in 0.8.4-rc1.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-25
Last Modified
2026-06-29
Generated
2026-07-16
AI Q&A
2026-06-25
EPSS Evaluated
2026-07-14
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
librechat librechat to 0.8.3 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Detection Guidance

This vulnerability involves the ability of an authenticated user to upload arbitrarily large files to the /api/convos/import endpoint in LibreChat prior to version 0.8.4-rc1, potentially exhausting server disk space and memory.

To detect this vulnerability on your system, you can monitor for unusually large file uploads to the /api/convos/import endpoint, especially from authenticated users.

Suggested commands include using network monitoring or web server logs to identify large POST requests to this endpoint.

  • Using curl to test upload size limits: curl -X POST -F "file=@largefile" https://yourserver/api/convos/import -H "Authorization: Bearer <token>" --verbose
  • Using grep and awk on server logs to find large uploads: grep "/api/convos/import" /var/log/nginx/access.log | awk '{print $10, $7}' | sort -nr | head
  • Using monitoring tools to track disk and memory usage spikes correlated with file uploads to the endpoint.
Executive Summary

This vulnerability exists in LibreChat versions prior to 0.8.4-rc1. It involves the POST /api/convos/import endpoint, which uses a separate file upload handler that was not updated with file size limits. While other parts of the application had limits to restrict file upload sizes, this endpoint did not enforce such limits. Additionally, the application-level size check is disabled by default. As a result, an authenticated user can upload arbitrarily large files, potentially exhausting the server's disk space and memory.

Impact Analysis

The vulnerability allows an authenticated user to upload very large files without restriction, which can lead to exhaustion of server disk space and memory. This can cause denial of service conditions, degrade server performance, or potentially crash the application, impacting availability.

Mitigation Strategies

To mitigate this vulnerability, upgrade LibreChat to version 0.8.4-rc1 or later where the issue is fixed.

Ensure that the POST /api/convos/import endpoint uses a multer instance configured with file size limits similar to those applied in other file upload routes.

Verify that the environment variable CONVERSATION_IMPORT_MAX_FILE_SIZE_BYTES is set to an appropriate value to enable application-level size checks.

Compliance Impact

The provided information does not specify any direct impact of this vulnerability on compliance with common standards and regulations such as GDPR or HIPAA.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-54024. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart