CVE-2024-11173

MEDIUM

Librechat < 0.7.6 - Denial of Service

Title source: rule

Description

An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to exploit this vulnerability, LibreChat allows open registration, enabling unauthenticated attackers to create an account and perform the attack. The issue is fixed in version 0.7.6.

References (2)

Scores

CVSS v3 6.5
EPSS 0.0023
EPSS Percentile 45.1%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Classification

CWE
CWE-248
Status published

Affected Products (1)

librechat/librechat < 0.7.6

Timeline

Published Mar 20, 2025
Tracked Since Feb 18, 2026