Security Advisory

CVE-2026-22252

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-01-12 18:01:48

Last updated 2026-01-12 18:48:33

Assigner GitHub_M

State PUBLISHED

Description

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChats MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.

← Browse all CVEs View on cve.org ↗