CVE-2026-54030
HighCVSS 8.0Exploitation Probability (EPSS)
Low risk1th percentile — higher than 1% of all known CVEs
Summary
A vulnerability in LibreChat before version 0.8.5 allows a malicious MCP server to steal access tokens intended for a legitimate server. The MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL.
Risk Assessment
An attacker can intercept access tokens, leading to unauthorized access to protected resources and potential leakage of sensitive data.
Recommendation
Upgrade LibreChat to version 0.8.5 or later immediately, which includes a fix for this vulnerability.
Original NVD description (English source)
LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. Prior to 0.8.5, LibreChat's MCP OAuth implementation does not validate that the resource parameter from OAuth Protected Resource metadata (RFC 9728) matches the configured MCP server URL, allowing a malicious MCP server to steal access tokens intended for a legitimate server. This vulnerability is fixed in 0.8.5.

