Nixpkgs security tracker

Login with GitHub

Details of issue NIXPKGS-2026-0845

NIXPKGS-2026-0845
published on
Permalink CVE-2026-31951
6.8 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): Low (L)
  • User Interaction (UI): Required (R)
  • Scope (S): Changed (C)
  • Confidentiality (C): High (H)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): Low (L)
  • Modified User Interaction (MUI): Required (R)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Changed (C)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 1 month, 3 weeks ago by @mweinelt Activity log
  • Created suggestion 1 month, 3 weeks ago
  • @mweinelt accepted 1 month, 3 weeks ago
  • @mweinelt published on GitHub 1 month, 3 weeks ago
LibreChat's MCP Server Header Injection Enables OAuth Token Theft

LibreChat is a ChatGPT clone with additional features. In versions 0.8.2-rc1 through 0.8.3-rc1, user-created MCP (Model Context Protocol) servers can include arbitrary HTTP headers that undergo credential placeholder substitution. An attacker can create a malicious MCP server with headers containing `{{LIBRECHAT_OPENID_ACCESS_TOKEN}}` (and others), causing victims who call tools on that server to have their OAuth tokens exfiltrated. Version 0.8.3-rc2 fixes the issue.

Affected products

LibreChat
  • ==>= v0.8.2-rc1, <= v0.8.3-rc1

Matching in nixpkgs

pkgs.librechat

Open-source app for all your AI conversations, fully customizable and compatible with any AI provider

Package maintainers

https://github.com/danny-avila/LibreChat/security/advisories/GHSA-pmw7-gqwj-f954