LibreChat RAG API 0.7.0: Forged Log Entries Possible

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

LibreChat RAG API 0.7.0: Forged Log Entries Possible

CVE-2026-4276

Summary

Using LibreChat RAG API version 0.7.0, an attacker can manipulate log entries. This makes it difficult to trust the accuracy of the logs. Upgrade to a fixed version to prevent forged log entries.

Original title

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

Original description

LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.

https://kb.cert.org/vuls/id/624941

Published: 16 Mar 2026 · Updated: 16 Mar 2026 · First seen: 16 Mar 2026