CVE-2026-33265
Published: 18 March 2026
Summary
CVE-2026-33265 is a medium-severity Incorrect Resource Transfer Between Spheres (CWE-669) vulnerability in LibreChat. Its CVSS base score is 6.3 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Privilege Escalation (T1068). The vulnerability ranks in the 24.2nd percentile by exploit likelihood (below the median), it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and AC-4 (Information Flow Enforcement).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- AC-4 (Information Flow Enforcement): enforces approved authorizations for information flow between the LibreChat API and RAG API spheres, directly preventing incorrect resource transfer via shared JWT tokens.
- AC-3 (Access Enforcement): mandates enforcement of access control policies at each API, blocking unauthorized access enabled by JWT validity across boundaries.
- AC-6 (Least Privilege): restricts JWT scopes to only the intended API, mitigating the over-privileging that allows exploitation across APIs.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The auth bypass allows a low-privileged logged-in user to misuse a legitimately obtained JWT for unauthorized RAG API access (scope change), directly enabling exploitation for privilege escalation and use of application access tokens as alternate authentication material.
NVD Description
In LibreChat 0.8.1-rc2, a logged-in user obtains a JWT for both the LibreChat API and the RAG API.
Deeper analysis
CVE-2026-33265 is a vulnerability in LibreChat version 0.8.1-rc2, where a logged-in user obtains a JWT that is valid for both the LibreChat API and the RAG API. This issue, published on 2026-03-18, carries a CVSS v3.1 base score of 6.3 (AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L) and maps to CWE-669 (Incorrect Resource Transfer Between Spheres), indicating that an authentication credential issued by one component is honored by another component that should be a separate security authority.
The attack requires a local, low-privileged adversary, such as an authenticated user, who can exploit it with low complexity and no user interaction. Exploitation changes scope (S:C): a token obtained from the LibreChat API is accepted by the RAG API, so the vulnerable component and the impacted component differ. The result is limited impact on confidentiality, integrity, and availability, most likely through unauthorized access to RAG API operations enabled by the shared JWT validity.
Advisories provide further details on mitigation; refer to the SBA Research advisory at https://github.com/sbaresearch/advisories/tree/public/2025/SBA-ADV-20251205-01_LibreChat_RAG_API_Authentication_Bypass, which addresses the RAG API authentication bypass, and the OSS-Security mailing list announcement at https://www.openwall.com/lists/oss-security/2026/03/18/3.
Details
- CWE(s)