CVE-2026-44654 MEDIUM

CVE-2026-44654: LibreChat: Shared-agent editor can globally delete owner's file records — breaks owner's other private agents

Vendor Danny-Avila
Product LibreChat
Weakness CWE-863 · Incorrect authorization
Published June 2, 2026
Last update June 3, 2026

CVSS base score

5.7/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N/E:P

What the vulnerability does

01Description

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, a shared-agent editor can delete file records through `DELETE /api/files` that the owner has reused across multiple agents. The deletion removes the file globally — not just from the shared agent — breaking the owner's other private agents that reference the same `file_id`. The private agent retains a stale `file_id` reference that no longer resolves. A shared-agent editor can destroy files that the owner uses across multiple agents. The owner's private agents — which the attacker has no access to — break silently with stale `file_id` references. This is a cross-agent integrity violation: editing access to one agent should not affect another. Version 0.8.4 contains a patch.

Key dates

02Disclosure timeline

June 2, 2026 CVE published
June 3, 2026 Record updated