Security Advisory

CVE-2025-41258

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-18 11:08:19

Last updated 2026-03-18 14:19:49

Assigner sba-research

State PUBLISHED

Description

LibreChat version 0.8.1-rc2 uses the same JWT secret for the user session mechanism and RAG API which compromises the service-level authentication of the RAG API.

← Browse all CVEs View on cve.org ↗