CVE-2026-31943

HIGH

LibreChat has SSRF protection bypass via IPv4-mapped IPv6 normalization in isPrivateIP

Title source: cna

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources — including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue.

References (1)

[X_Refsource_Confirm] https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c

Scores

CVSS v3 8.5

EPSS 0.0004

EPSS Percentile 11.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

CISA SSVC

Vulnrichment

Exploitation poc

Automatable no

Technical Impact partial

Details

CWE

CWE-918

Status published

Products (3)

danny-avila/LibreChat < 0.8.3

librechat/librechat 0.8.3 rc1 (2 CPE variants)

librechat/librechat < 0.8.3

Published Mar 27, 2026

Tracked Since Mar 29, 2026