CVE-2026-22252 — Vulnetix

CVE-2026-22252 PUBLISHED CVSS 9.100000381469727 CRITICAL

LibreChat is a ChatGPT clone with additional features. Prior to v0.8.2-rc2, LibreChat's MCP stdio transport accepts arbitrary commands without validation, allowing any authenticated user to execute shell commands as root inside the container through a single API request. This vulnerability is fixed in v0.8.2-rc2.

EPSS 0.10% · 27.4th percentile

Risk Scores

CVSS v3.1

9.100000381469727

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H

EPSS Score

0.10%

27.4th percentile

Affected Products

Vendor	Product	Versions
danny-avila	LibreChat	< v0.8.2-rc2
librechat	librechat	0.8.2

Timeline

Jan 7, 2026 CVE ID Reserved
Jan 12, 2026 CVE Published
Jan 12, 2026 CVE Updated
Jan 12, 2026 PoC Published
Jan 12, 2026 PoC Published
Jan 12, 2026 PoC Published
Jan 13, 2026 EPSS Score
Jan 16, 2026 EPSS Score
Jan 19, 2026 EPSS Score
Jan 22, 2026 EPSS Score
Jan 25, 2026 EPSS Score
Jan 28, 2026 EPSS Score

References

https://github.com/danny-avila/LibreChat/security/advisories/GHSA-cxhj-j78r-p88f url
https://github.com/danny-avila/LibreChat/commit/211b39f3113d4e6ecab84be0a83f4e9c9dea127f url

Open in Interactive Console →