https://vulnerability.circl.lu/sightings/feed 2026-06-05T06:44:16.252006+00:00 Vulnerability-Lookup info@circl.lu python-feedgen Contains only the most 10 recent sightings. https://vulnerability.circl.lu/sighting/a13df8bf-2fc9-4ab7-9e36-d7b6228d86da/export 2026-06-05T06:44:16.645280+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "a13df8bf-2fc9-4ab7-9e36-d7b6228d86da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-32625", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mndsj3gb3q24", "content": "LibreChat faces a CRITICAL vuln (CVE-2026-32625): Auth users can steal secrets with malicious MCP URLs. Patch to 0.8.4-rc1 ASAP! Details: https://radar.offseq.com/threat/cve-2026-32625-cwe-200-exposure-of-sensitive-infor-b53af122 #OffSeq #Vulnerability #LibreChat", "creation_timestamp": "2026-06-03T00:00:39.083171Z"} 2026-06-03T00:00:39.083171+00:00 https://vulnerability.circl.lu/sighting/b5e4ac97-3459-4f95-bf9f-f9eba63b0e63/export 2026-06-05T06:44:16.645142+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "b5e4ac97-3459-4f95-bf9f-f9eba63b0e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-32625", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116683232788673466", "content": "\ud83d\udd12 CVE-2026-32625 (CRITICAL): LibreChat < 0.8.4-rc1 lets any authenticated user exfiltrate secrets via crafted MCP server URLs. Upgrade ASAP to avoid full compromise of keys & DB creds. More: https://radar.offseq.com/threat/cve-2026-32625-cwe-200-exposure-of-sensitive-infor-b53af122 #OffSeq #Vulnerability #LibreChat #Infosec", "creation_timestamp": "2026-06-03T00:00:39.412298Z"} 2026-06-03T00:00:39.412298+00:00 https://vulnerability.circl.lu/sighting/2444d64f-d62e-45f4-824e-faed7a010c33/export 2026-06-05T06:44:16.644961+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "2444d64f-d62e-45f4-824e-faed7a010c33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32625", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndskbjkrr2i", "content": "\ud83d\udd34 CVE-2026-32625 - Critical (9.6)\n\nLibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-32625/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-03T00:01:18.850766Z"} 2026-06-03T00:01:18.850766+00:00 https://vulnerability.circl.lu/sighting/ab4bba93-3140-455d-9c27-e626a4643986/export 2026-06-05T06:44:16.644805+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "ab4bba93-3140-455d-9c27-e626a4643986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32625", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne44pm6o72d", "content": "CVE-2026-32625 - LibreChat Exfiltrates Server Secrets via MCP Server URL Injection\nCVE ID : CVE-2026-32625\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions...", "creation_timestamp": "2026-06-03T02:52:40.772108Z"} 2026-06-03T02:52:40.772108+00:00 https://vulnerability.circl.lu/sighting/26787dc4-6880-47f4-b0d7-16232e1de19f/export 2026-06-05T06:44:16.644618+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "26787dc4-6880-47f4-b0d7-16232e1de19f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32625", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mner4wok2c2w", "content": "CVE-2026-32625 - Critical information disclosure in LibreChat. MCP server leaks process.env via Zod validation. CVSS 9.6. Authenticated users can exfiltrate sensitive data. No patch available. Disable MCP or restrict access immediately. #CV...\n\nhttps://www.valtersit.com/cve/CVE-2026-32625/", "creation_timestamp": "2026-06-03T09:08:36.815212Z"} 2026-06-03T09:08:36.815212+00:00 https://vulnerability.circl.lu/sighting/d7ee09eb-be00-45f9-97fc-be61f0bc5973/export 2026-06-05T06:44:16.642687+00:00 Automation user https://vulnerability.circl.lu/user/automation {"uuid": "d7ee09eb-be00-45f9-97fc-be61f0bc5973", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32625", "type": "seen", "source": "https://bsky.app/profile/cyberhub.blog/post/3mnii2xnp7m2f", "content": "\ud83d\udccc CVE-2026-32625 - LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol (MCP) se... https://www.cyberhub.blog/cves/CVE-2026-32625", "creation_timestamp": "2026-06-04T20:37:05.915547Z"} 2026-06-04T20:37:05.915547+00:00