CVE-2026-54040 | danny-avila LibreChat up to 0.8.4 Session Token regenerate missing authentication (GHSA-h59w-x9h4-m6gv)

A vulnerability was found in danny-avila LibreChat. It has been declared as critical. This issue affects some unknown processing of the file /api/auth/2fa/backup/regenerate of the component Session Token Handler. Executing a manipulation can lead to missing authentication.

This vulnerability is registered as CVE-2026-54040. It is possible to launch the attack remotely. No exploit is available.

It is recommended to upgrade the affected component.VulDB Recent EntriesRead More