CVE-2026-54025
Undergoing Analysis - In Progress
XSS in LibreChat via Markdown Artifact Preview

Publication date: 2026-06-25

Last updated on: 2026-06-25

Assigner: GitHub, Inc.

Description
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown artifact preview pipeline. The marked library v15.0.12 does not HTML-escape double-quote characters in image alt text when a custom renderer falls through to the default renderer. LibreChat's generateMarkdownHtml function (in client/src/utils/markdown.ts) installs a custom image renderer that returns false for URLs passing the isSafeUrl allowlist check, which causes marked to fall back to its built-in renderer. That built-in renderer inserts the raw alt text into the alt="..." attribute without escaping double-quote characters. An attacker can craft an alt text such as " onload="payload to break out of the attribute and inject an arbitrary event handler. The resulting HTML is then assigned to document.getElementById('content').innerHTML inside the Sandpack preview iframe, causing the payload to execute in the victim's browser. This vulnerability is fixed in 0.8.4-rc1.
Meta Information
Published: 2026-06-25
Last Modified: 2026-06-25
Generated: 2026-06-26
AI Q&A: 2026-06-26
EPSS Evaluated: N/A
Affected Vendors & Products
Vendor      Product     Version / Range
librechat   librechat   up to 0.8.4-rc1 (excluding)
marked      marked      15.0.12
CWE ID    Description
CWE-79    The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
AI Quick Actions
Compliance Impact

The vulnerability in LibreChat allows attackers to inject malicious JavaScript code via unescaped image alt text in markdown previews, leading to stored cross-site scripting (XSS) attacks. This can result in unauthorized redirection of users to attacker-controlled websites.

Such unauthorized code execution and potential data exposure could impact compliance with standards and regulations like GDPR and HIPAA, which require protection of user data and prevention of unauthorized access or data breaches.

Specifically, the vulnerability could lead to unauthorized access to user sessions or data, violating principles of data confidentiality and integrity mandated by these regulations.

That said, the advisory itself does not explicitly mention compliance impacts or regulatory considerations.

Executive Summary

CVE-2026-54025 is a stored cross-site scripting (XSS) vulnerability in LibreChat, an open-source chat application. It arises because the marked library (version 15.0.12) does not properly escape double-quote characters in image alt text when falling back to its default renderer.

LibreChat uses a custom image renderer that returns false for URLs passing a safety check, causing marked to use its built-in renderer. This built-in renderer inserts raw alt text into the HTML without escaping double quotes.

An attacker can craft malicious markdown with an image tag containing specially crafted alt text that breaks out of the alt attribute and injects an arbitrary event handler, such as an onload event. When this markdown artifact is imported and shared, the malicious code executes in the victim's browser.

Impact Analysis

This vulnerability allows an attacker to execute arbitrary JavaScript code in the browsers of users who view the malicious markdown artifact. For example, an attacker can redirect users silently to a malicious website by injecting an onload event handler.

The attack requires only a regular LibreChat account and does not need cooperation from the language model. It can affect any user who visits a shared link containing the malicious markdown.

Because the vulnerability is stored and cross-user, it can lead to unauthorized actions, data theft, or redirection to phishing or malware sites, posing a significant security risk.

Detection Guidance

This vulnerability can be detected by checking for malicious markdown artifacts that contain image tags with unescaped double-quote characters in the alt text, especially ones that include event handlers such as onload. Exploitation attempts can also be detected by monitoring network traffic or logs for requests to the /api/convos/import endpoint whose JSON payloads carry markdown images with suspicious alt text.

Additionally, inspecting the version of LibreChat and the marked library in use can help determine if the system is vulnerable. Versions of LibreChat up to 0.7.8 and marked library version 15.0.12 are affected.

Suggested commands to detect suspicious imports or payloads might include:

  • Using grep or similar tools to search for suspicious markdown image alt text in logs or imported files, e.g., `grep -r '!\[" onload="' /path/to/imported/artifacts` (the `[` must be escaped for grep; the `!` must not be, since a stray backslash before it is not a valid escape).
  • Monitoring HTTP requests to the import endpoint with tools like tcpdump or Wireshark, filtering for POST requests to `/api/convos/import`.
  • Checking the installed LibreChat version with commands like `librechat --version`, or inspecting package.json or installed package metadata.

Mitigation Strategies

The immediate mitigation step is to upgrade LibreChat to version 0.8.4-rc1 or later, where the vulnerability has been fixed.

If upgrading is not immediately possible, apply patches to the image renderer in the file client/src/utils/markdown.ts to ensure that all double-quote characters in image alt text are properly escaped before rendering.
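Taken together with the Description's account of the renderer fall-through, the following TypeScript is an added example (not LibreChat's or marked's own code) of both halves of this remediation: an image renderer that escapes every attribute value instead of handing the token back to a default renderer, and a scan over imported markdown for image alt text containing double quotes. The isSafeUrl here is a stand-in with assumed http/https-only semantics, and the sample markdown is constructed.

```typescript
/** Allowlist check in the spirit of LibreChat's isSafeUrl (assumed semantics). */
function isSafeUrl(href: string): boolean {
  try {
    const { protocol } = new URL(href);
    return protocol === "http:" || protocol === "https:";
  } catch {
    return false; // relative or malformed URLs are rejected in this model
  }
}

/** Escape every character that can end or alter an HTML attribute value. */
function escapeAttr(value: string): string {
  return value
    .replace(/&/g, "&amp;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;");
}

/** Models the fall-through default renderer: alt text is inserted verbatim. */
function renderImageUnescaped(href: string, alt: string): string {
  return `<img src="${href}" alt="${alt}">`;
}

/** Hardened renderer: never falls through; escapes src and alt, drops unsafe URLs. */
function renderImageEscaped(href: string, alt: string): string {
  if (!isSafeUrl(href)) {
    // Disallowed URL: show the alt text as plain text rather than an <img>.
    return `<span>${escapeAttr(alt)}</span>`;
  }
  return `<img src="${escapeAttr(href)}" alt="${escapeAttr(alt)}">`;
}

/** Detection: return alt texts of markdown images that contain a double quote. */
function findSuspiciousImageAlts(markdown: string): string[] {
  const image = /!\[([^\]]*)\]\(([^)]*)\)/g; // simplified ![alt](url) syntax
  const hits: string[] = [];
  let m: RegExpExecArray | null;
  while ((m = image.exec(markdown)) !== null) {
    if (m[1].includes('"')) hits.push(m[1]);
  }
  return hits;
}

// Constructed sample: one benign image plus an alt text of the form the advisory describes.
const SAMPLE_ALT = '" onload="payload';
const SAMPLE_MARKDOWN = `![a cat](https://example.com/cat.png)\n![${SAMPLE_ALT}](https://example.com/x.png)`;
```

Running renderImageUnescaped on SAMPLE_ALT yields an `<img>` whose alt attribute closes early and is followed by a bare onload attribute, while renderImageEscaped keeps the whole string inside the quoted alt value.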

Additionally, restrict or monitor the use of the /api/convos/import endpoint to prevent importing malicious markdown artifacts.

Implementing Content-Security-Policy (CSP) headers can help mitigate the impact of such XSS vulnerabilities by restricting the execution of injected scripts.
