CVE-2026-54040

Publié : 25 juin 2026

Modifié : 25 juin 2026

Score CVSS

5.9

MEDIUM

Description détaillée

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.4-rc1, the POST /api/auth/2fa/backup/regenerate endpoint regenerates all 2FA backup codes without requiring any TOTP token or existing backup code verification. An attacker with a stolen session token can silently replace a victim's backup codes and use them to bypass 2FA login or disable 2FA entirely. This vulnerability is fixed in 0.8.4-rc1.

Vecteur d'attaque (CVSS)

Vecteur brut :CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N

Références et Patchs

https://github.com/danny-avila/LibreChat/security/advisories/GHSA-h59w-x9h4-m6gv https://github.com/danny-avila/LibreChat/security/advisories/GHSA-h59w-x9h4-m6gv

Dernières Vulnérabilités

CVE-2026-57700

Unrestricted Upload of File with Dangerous Type vulnerability in Daan.Dev OMGF Pro allows Using Malicious Files. This issue affects OMGF Pro: from n/a through 5.2.6.

VOIR DÉTAILS

CVE-2026-56790

CANBoat through 6.22, fixed in commit a5a22b7, contains an off-by-one global buffer overflow in the searchForPgn() function in analyzer/pgn.c that allows remote attackers to crash the application. Attackers can deliver a crafted NMEA-2000 message with an out-of-range PGN value over CAN bus or N2K-over-IP to trigger an out-of-bounds array access and denial of service.

VOIR DÉTAILS

CVE-2026-56789

RTKLIB through 2.4.3 contains a heap buffer overflow vulnerability in the readrnxobsb function in src/rinex.c that allows attackers to trigger memory corruption by failing to clamp satellite count values from RINEX epoch headers. Attackers can craft malicious RINEX files declaring more than 64 satellites per epoch to cause heap buffer overflow writes and out-of-bounds stack reads, crashing RTKLIB-based applications including rnx2rtkp and RTKPOST.

VOIR DÉTAILS