We are seeing reports of a CVE-2026-31950 affecting LibreChat as of March 27, 2026, in versions 0.8.2-rc2 through 0.8.2-rc3, where the SSE streaming endpoint is vulnerable to unauthorized access.
Evidence
According to News Source, the vulnerability is identified as CVE-2026-31950 and has been reported on March 27, 2026. Initially, the issue involves an IDOR in the SSE stream endpoint /api/agents/chat/stream/:streamId. Subsequently, any authenticated user who obtains or guesses a valid stream ID can subscribe and read another user’s real-time chat content, including messages, AI responses, and tool invocations. Specifically, this vulnerability allows attackers to gain sensitive information that could compromise privacy and data integrity. Furthermore, the patch is available in version 0.8.2, which fixes the verification logic.
Who Should Be Concerned
Most importantly, CIOs and CISOs of enterprises that deploy LibreChat for internal communication should be concerned. In particular, companies in finance, healthcare, legal, and other sectors that handle confidential conversations may face significant risks. Therefore, CISOs and sysadmins must update their systems to mitigate this vulnerability promptly.
Historical Context
Notably, similar IDORs have been discovered in other messaging platforms, leading to unauthorized data access. Similarly, the threat actor has evolved from opportunistic to targeted actors seeking confidential conversations.
Detailed Impact Analysis
Currently, the potential impact could affect thousands of users across enterprises, exposing personal chats and sensitive business discussions. Once an attacker obtains a valid stream ID, they can subscribe and read real-time chat content. Meanwhile, the absence of verification may lead to data breaches and operational disruptions. Consequently, the risk is substantial for organizations handling confidential information.
Immediate Actions Required
Immediately, update LibreChat to version 0.8.2 and verify that the SSE streaming endpoint now enforces ownership checks. Specifically, deploy the patch within 24 hours, test the endpoint with authenticated users, and monitor logs for unauthorized requests. Next, consider disabling streaming functionality until the patch is verified or implementing additional authentication tokens to enforce stream ownership. However, alternative mitigations may include temporarily restricting access to the SSE endpoint while awaiting full verification. Additionally, detect suspicious activity by reviewing SSE request logs and flagging any attempts to subscribe to unknown stream IDs.
Additional Resources
Get Expert Help
If you need assistance with patch deployment or security strategy, visit https://defendmybusiness.com/security-consultation/. Solution categories exist for this type of vulnerability.
