news - zero redgem

Recent Advisories

Severity	ID	Title	Vendor	Product	Date	Type
MEDIUM 5.3	CVE-2026-54573	Authorization Bypass in API Key/OAuth Scopes via Path Parsing Discrepancy_CVE-2026-54573 Outline is a service that allows for collaborative documentation. Prior to 1.8.0, the AuthenticationHelper.canAccess function uses ctx.originalUrl ...	outline	outline < 1.8.0	Jun 25, 2026	CVE
MEDIUM 6.9	CVE-2026-54448	Trivy: Helm chart tar bomb causes OOM via unbounded io.ReadAll in parser_CVE-2026-54448 Trivy is a security scanner. Prior to 0.71.0, when Trivy scans a Helm chart archive (.tgz), its custom tar unpacker reads each entry with io.ReadAl...	aquasecurity	trivy < 0.71.0	Jun 25, 2026	CVE
MEDIUM 5.9	CVE-2026-54040	LibreChat: 2FA Backup Code Regeneration Without OTP Verification Allows 2FA Bypass_CVE-2026-54040 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint r...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54037	LibreChat: Incomplete Fix for CVE-2025-7105 — /api/convos/duplicate Lacks Rate Limiting Applied to /api/convos/fork_CVE-2026-54037 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2025-7105 added forkIpLimiter and f...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
HIGH 7.7	CVE-2026-54033	LibreChat: SSRF via User-Provided Custom Endpoint baseURL — no private IP validation on user-configured API base URLs_CVE-2026-54033 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, LibreChat allows users to configure custom OpenAI-c...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
HIGH 8	CVE-2026-54030	LibreChat: Missing Resource Parameter Validation in MCP OAuth Flow_CVE-2026-54030 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate ...	danny-avila	LibreChat < 0.8.5	Jun 25, 2026	CVE
MEDIUM 5.3	CVE-2026-54029	LibreChat: IDOR in Message Deletion — Incomplete Fix for CVE-2024-41703 Leaves deleteMessages() Without User Filter_CVE-2026-54029 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the DELETE /api/messages/:conversationId/:messageId...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54027	LibreChat: Image Upload Route Bypasses Agent Permission Check — Incomplete Fix for File Upload Authorization_CVE-2026-54027 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/files/images endpoint allows any auth...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 5.4	CVE-2026-54025	LibreChat: Stored XSS via unescaped image alt text in markdown artifact preview_CVE-2026-54025 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, there is a vulnerability in LibreChat's markdown ar...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE
MEDIUM 6.5	CVE-2026-54024	LibreChat: Incomplete Fix for CVE-2024-11171 — Conversation Import Multer Instance Missing File Size Limits_CVE-2026-54024 LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the fix for CVE-2024-11171 (commit bb58a2d0) added ...	danny-avila	LibreChat < 0.8.4-rc1	Jun 25, 2026	CVE