CVE-2026-4276

Summary

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

Affected Software

VendorProductVersion RangeStatus
LibreChatRAG API0.7.0affected

Weaknesses

  • CWE-20 Improper Input Validation
  • CWE-117 Improper Output Neutralization for Logs

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References