https://feed.craftedsignal.io/tags/cve-2026-31943/Trending threats, MITRE ATT&CK coverage, and detection metadata — refreshed continuously.Hugoenhello@craftedsignal.iohello@craftedsignal.ioSat, 28 Mar 2026 12:00:00 +0000https://feed.craftedsignal.io/briefs/2026-03-librechat-ssrf/Sat, 28 Mar 2026 12:00:00 +0000hello@craftedsignal.iohttps://feed.craftedsignal.io/briefs/2026-03-librechat-ssrf/LibreChat versions prior to 0.8.3 are vulnerable to Server-Side Request Forgery (SSRF), allowing authenticated users to bypass IP address validation and make the server issue HTTP requests to internal network resources.LibreChat, a ChatGPT clone, contains a Server-Side Request Forgery (SSRF) vulnerability (CVE-2026-31943) in versions prior to 0.8.3. The isPrivateIP() function in packages/api/src/auth/domain.ts fails to properly detect IPv4-mapped IPv6 addresses when they are in their hex-normalized form. This flaw allows an authenticated user to bypass SSRF protection mechanisms and force the LibreChat server to make HTTP requests to internal network resources. These resources include cloud metadata…

]]>highadvisoryssrflibrechatcve-2026-31943