{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-4276", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-03-16T15:25:58.025Z", "datePublished": "2026-03-16T15:31:35.542Z", "dateUpdated": "2026-03-17T17:15:16.494Z"}, "containers": {"cna": {"title": "LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.", "descriptions": [{"lang": "en", "value": "LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "LibreChat", "product": "RAG API", "versions": [{"status": "affected", "version": "0.7.0"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "description": "CWE-117 Improper Output Neutralization for Logs"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/624941"}], "x_generator": {"engine": "VINCE 3.0.32", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4276"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-16T15:31:35.542Z"}}, "adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/624941"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-16T16:22:47.436Z"}}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-17T17:14:14.174075Z", "id": "CVE-2026-4276", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T17:15:16.494Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.kb.cert.org/vuls/id/624941"}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2026-03-16T16:22:47.436Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-4276", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-17T17:14:14.174075Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-17T17:14:58.035Z"}}], "cna": {"title": "LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries.", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "LibreChat", "product": "RAG API", "versions": [{"status": "affected", "version": "0.7.0"}]}], "references": [{"url": "https://kb.cert.org/vuls/id/624941"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.32", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-4276"}, "descriptions": [{"lang": "en", "value": "LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-20 Improper Input Validation"}]}, {"descriptions": [{"lang": "en", "description": "CWE-117 Improper Output Neutralization for Logs"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-03-16T15:31:35.542Z"}}}, "cveMetadata": {"cveId": "CVE-2026-4276", "state": "PUBLISHED", "dateUpdated": "2026-03-17T17:15:16.494Z", "dateReserved": "2026-03-16T15:25:58.025Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-03-16T15:31:35.542Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "LibreChat RAG API, version 0.7.0, contains a log-injection vulnerability that allows attackers to forge log entries."}], "id": "CVE-2026-4276", "lastModified": "2026-03-17T18:16:17.670", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-16T16:16:18.723", "references": [{"source": "cret@cert.org", "url": "https://kb.cert.org/vuls/id/624941"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.kb.cert.org/vuls/id/624941"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "0.7.0"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "RAG API", "source": "cna", "vendor": "LibreChat"}, "product": "rag_api", "vendor": "librechat"}], "analysis": {"en": {"generated_at": "2026-03-27T21:57:37.209389+00:00", "value": {"mitigation_remediation": ["Upgrade LibreChat RAG API to the latest patched version.", "Restrict API access to trusted users or IP ranges.", "Sanitize or escape all data before writing to logs.", "Enable strict logging controls and alert on suspicious log patterns.", "Monitor security advisories and apply future updates promptly."], "summary": {"action": "Patch Now", "impact": "Log Poisoning"}, "threat_synthesis": {"affected_systems": "Systems running LibreChat RAG API 0.7.0 are affected. The vulnerability is specific to this version of the RAG API, so any deployment using this exact release or earlier without the fix is potentially susceptible.", "description_and_impact": "LibreChat RAG API version 0.7.0 includes a log\u2011injection flaw that lets an attacker insert malformed data into log files, creating forged entries that could hide malicious activity or mislead forensics. This ultimately compromises the integrity of audit logs, allowing deception and obfuscation of real events. The weakness is a classic injection vulnerability, as it fails to sanitize user\u2011supplied input before logging it.", "risk_and_exploitability": "The CVSS base score of 7.5 indicates a high impact risk. EPSS is below 1%, suggesting the probability of exploitation is currently low, and the issue is not yet in CISA\u2019s KEV catalog. The likely attack vector would be through remote API calls that submit data to the service, given that the vulnerability is triggered via log input. However, this inference comes from the nature of the flaw rather than explicit documentation. If exploited, attackers could tamper with audit trails, undermining incident response."}}}}, "created": "2026-03-17T09:52:37.692737+00:00", "updated": "2026-03-29T20:29:08.886171+00:00", "vendors": ["librechat", "librechat$PRODUCT$rag_api"], "weaknesses": ["CWE-107", "CWE-20"]}