Critical Vulnerability CVE-2026-32625 Discovered in LibreChat
ID: 37742e57-87fa-5a0b-a24b-84440ec204ee
STIX ID: report--37742e57-87fa-5a0b-a24b-84440ec204ee
Feed Name: ThreatCluster
CVE-2026-32625 is a critical information-disclosure vulnerability in LibreChat (<=0.8.3). Authenticated users can craft MCP server URLs containing environment-variable placeholders, which are resolved against the server's process.env, enabling exfiltration of secrets (e.g., CREDS_KEY, CREDS_IV, JWT_SECRET, MONGO_URI). A patch is available in 0.8.4-rc1; administrators should upgrade and monitor outbound traffic.
