CVE-2026-31942
HIGHDescription
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.7.6, an Insecure Direct Object Reference (IDOR) vulnerability exists in the API keys management endpoint (PUT /api/keys). Due to the use of the JavaScript object spread operator after setting the authenticated user's ID, any authenticated user can inject a userId parameter in the request body to overwrite any other user's API keys (e.g., OpenAI, Anthropic, Azure). This allows an attacker to replace a victim's API key configuration, potentially routing the victim's conversations through attacker-controlled keys or denying service by providing invalid keys. This is patched in version 0.8.3-rc1.
How to fix
Remediation is compiled from vendor and distribution security advisories. Always confirm against the linked source for your exact version and platform.
CVSS v3 Vector
Exploitability
Impact
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L
Exploit Intelligence
Low risk: more likely to be exploited than 11% of all known CVEs.
References
Related Vulnerabilities
Other CWE-862 (Missing Authorization) vulnerabilities, ordered by exploit likelihood. View all
| CVE | Severity | CVSS | EPSS | Exploited | Fix |
|---|---|---|---|---|---|
| CVE-2021-39226 | Critical | 9.8 | 100% | KEV | Fix |
| CVE-2022-0543 | Critical | 10.0 | 100% | KEV | Fix |
| CVE-2021-21978 | Critical | 9.8 | 99% | - | Fix |
| CVE-2023-52163 | High | 8.8 | 96% | KEV | - |
| CVE-2022-1329 | High | 8.8 | 93% | - | - |
| CVE-2023-6875 | Critical | 9.8 | 90% | - | - |
Embed a live status badge for CVE-2026-31942
Markdown
[](https://tridentstack.com/cve/CVE-2026-31942)HTML
<a href="https://tridentstack.com/cve/CVE-2026-31942"><img src="https://tridentstack.com/cve/badge/CVE-2026-31942.svg" alt="CVE-2026-31942"></a>Find and fix vulnerabilities across your fleet
TridentStack Control continuously scans your Windows, macOS, and Linux fleet for known vulnerabilities, prioritizes them by severity and active exploitation, and patches them automatically.
Start freeThis product uses NVD data but is not endorsed or certified by the NVD. EPSS scores courtesy of FIRST.org (https://www.first.org/epss). Source: CISA KEV Catalog. Data as of 2026-06-04.