{"vulnerability": "cve-2026-32625", "sightings": [{"uuid": "a13df8bf-2fc9-4ab7-9e36-d7b6228d86da", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-32625", "type": "seen", "source": "https://bsky.app/profile/offseq.bsky.social/post/3mndsj3gb3q24", "content": "LibreChat faces a CRITICAL vuln (CVE-2026-32625): Auth users can steal secrets with malicious MCP URLs. Patch to 0.8.4-rc1 ASAP! Details: https://radar.offseq.com/threat/cve-2026-32625-cwe-200-exposure-of-sensitive-infor-b53af122 #OffSeq #Vulnerability #LibreChat", "creation_timestamp": "2026-06-03T00:00:39.083171Z"}, {"uuid": "b5e4ac97-3459-4f95-bf9f-f9eba63b0e63", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "cve-2026-32625", "type": "seen", "source": "https://infosec.exchange/users/offseq/statuses/116683232788673466", "content": "\ud83d\udd12 CVE-2026-32625 (CRITICAL): LibreChat < 0.8.4-rc1 lets any authenticated user exfiltrate secrets via crafted MCP server URLs. Upgrade ASAP to avoid full compromise of keys & DB creds. More: https://radar.offseq.com/threat/cve-2026-32625-cwe-200-exposure-of-sensitive-infor-b53af122 #OffSeq #Vulnerability #LibreChat #Infosec", "creation_timestamp": "2026-06-03T00:00:39.412298Z"}, {"uuid": "2444d64f-d62e-45f4-824e-faed7a010c33", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32625", "type": "seen", "source": "https://bsky.app/profile/thehackerwire.bsky.social/post/3mndskbjkrr2i", "content": "\ud83d\udd34 CVE-2026-32625 - Critical (9.6)\n\nLibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and...\n\nhttps://www.thehackerwire.com/vulnerability/CVE-2026-32625/\n\n#infosec #cybersecurity #CVE #vulnerability #security #patchstack", "creation_timestamp": "2026-06-03T00:01:18.850766Z"}, {"uuid": "26787dc4-6880-47f4-b0d7-16232e1de19f", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32625", "type": "seen", "source": "https://bsky.app/profile/hugovalters.bsky.social/post/3mner4wok2c2w", "content": "CVE-2026-32625 - Critical information disclosure in LibreChat. MCP server leaks process.env via Zod validation. CVSS 9.6. Authenticated users can exfiltrate sensitive data. No patch available. Disable MCP or restrict access immediately. #CV...\n\nhttps://www.valtersit.com/cve/CVE-2026-32625/", "creation_timestamp": "2026-06-03T09:08:36.815212Z"}, {"uuid": "ab4bba93-3140-455d-9c27-e626a4643986", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2026-32625", "type": "seen", "source": "https://bsky.app/profile/cve.skyfleet.blue/post/3mne44pm6o72d", "content": "CVE-2026-32625 - LibreChat Exfiltrates Server Secrets via MCP Server URL Injection\nCVE ID : CVE-2026-32625\n \n Published : June 2, 2026, 11:16 p.m. | 3\u00a0hours, 16\u00a0minutes ago\n \n Description : LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions...", "creation_timestamp": "2026-06-03T02:52:40.772108Z"}]}