{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata — refreshed continuously.","feed_url":"https://feed.craftedsignal.io/tags/cve-2026-31943/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cves":[],"_cs_exploited":false,"_cs_products":[],"_cs_severities":["high"],"_cs_tags":["ssrf","librechat","cve-2026-31943"],"_cs_type":"advisory","_cs_vendors":[],"content_html":"\u003cp\u003eLibreChat, a ChatGPT clone, contains a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-31943) in versions prior to 0.8.3. The \u003ccode\u003eisPrivateIP()\u003c/code\u003e function in \u003ccode\u003epackages/api/src/auth/domain.ts\u003c/code\u003e fails to properly detect IPv4-mapped IPv6 addresses when they are in their hex-normalized form. This flaw allows an authenticated user to bypass SSRF protection mechanisms and force the LibreChat server to make HTTP requests to internal network resources. These resources include cloud metadata…\u003c/p\u003e\n","date_modified":"2026-03-28T12:00:00Z","date_published":"2026-03-28T12:00:00Z","id":"/briefs/2026-03-librechat-ssrf/","summary":"LibreChat versions prior to 0.8.3 are vulnerable to Server-Side Request Forgery (SSRF), allowing authenticated users to bypass IP address validation and make the server issue HTTP requests to internal network resources.","title":"LibreChat SSRF Vulnerability (CVE-2026-31943)","url":"https://feed.craftedsignal.io/briefs/2026-03-librechat-ssrf/"}],"language":"en","title":"CraftedSignal Threat Feed — Cve-2026-31943","version":"https://jsonfeed.org/version/1.1"}