LibreChat: Shared-agent editor can globally delete owner’s file records

5.7 / 10

MEDIUM

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

Description

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally — not just from the shared agent — breaking the owner's other private agents that reference the same `file_id`. The private agent retains a stale `file_id` reference that no longer resolves. A shared-agent editor can destroy files that the owner uses across multiple agents. The owner's private agents — which the attacker has no access to — break silently with stale `file_id` references. This is a cross-agent integrity violation: editing access to one agent should not affect another. Version 0.8.4 contains a patch.

Basic Information

ID CVE-2026-44654

Source GitHub_M

Published Jun 2, 2026 at 22:47

Affected Product

Vendor danny-avila

Product LibreChat

Version < 0.8.5

Affected Versions danny-avila LibreChat < 0.8.5

CWE Classification

CWE-863

References

github.com /danny-avila/LibreChat/security/advisories/GHSA-f8jg-v856-mf6q

{
    "lastseen": "",
    "description": "LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally \u2014 not just from the shared agent \u2014 breaking the owner's other private agents that reference the same `file_id`. The private agent retains a stale `file_id` reference that no longer resolves. A shared-agent editor can destroy files that the owner uses across multiple agents. The owner's private agents \u2014 which the attacker has no access to \u2014 break silently with stale `file_id` references. This is a cross-agent integrity violation: editing access to one agent should not affect another. Version 0.8.4 contains a patch.",
    "published": "2026-06-02T22:47:29.235Z",
    "modified": "2026-06-02T22:47:29.235Z",
    "type": "cve",
    "title": "LibreChat: Shared-agent editor can globally delete owner's file records \u2014 breaks owner's other private agents",
    "source": "GitHub_M",
    "references": "https://github.com/danny-avila/LibreChat/security/advisories/GHSA-f8jg-v856-mf6q",
    "id": "CVE-2026-44654",
    "bulletinFamily": "",
    "cwe": [
        "CWE-863"
    ],
    "cvelist": null,
    "sourceData": "danny-avila LibreChat < 0.8.5",
    "sourceHref": "",
    "cvss": {
        "score": 5.7,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "LibreChat",
    "version": "< 0.8.5",
    "vendor": "danny-avila",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

LibreChat: Shared-agent editor can globally delete owner’s file records — breaks owner’s other private agents_CVE-2026-44654