Security Research: LibreChat
Background
LibreChat is an open-source web application that provides a unified chat interface for multiple AI model providers. As part of REA Group's application security practice, I helped identify two vulnerabilities in versions up to v0.7.4-rc1, both fixed in the v0.7.4 release.
The findings were presented at Programmable 2025, a developer conference, in a talk titled "Your app is vulnerable (but that's OK!)" co-presented with colleague Deeno Burgan. The talk used these CVEs as a case study in responsible disclosure and practical vulnerability remediation.
CVE-2024-41703 - Conversation Hijacking
The LibreChat API exposed internal conversation and message GUIDs through the shared-chat feature. A separate authorisation gap in the message-editing endpoint meant these IDs could be used to inject messages into another user's conversation - appearing as if the victim had authored them. An attacker could gain persistent control of a thread, with injected messages visible to both the victim and any AI model responding in context.
Severity: CVSS 5.4 (Medium)
CVE-2024-41704 - Path Traversal
The image request authorisation middleware checked that a URL contained the requesting user's ID, but did not normalise the path first. A traversal sequence such as / passed the check while accessing another user's uploaded files. The flaw affected all configurations, including those with secureImageLinks enabled.
Severity: CVSS 3.1 (Low)