CVE-2026-54025 | danny-avila LibreChat up to 0.8.4-rc1/15.0.12 markdown.ts cross site scripting (GHSA-3phr-62qf-cxf3)

A vulnerability has been found in danny-avila LibreChat up to 0.8.4-rc1/15.0.12 and classified as problematic. Affected by this issue is some unknown functionality of the file client/src/utils/markdown.ts. This manipulation causes cross site scripting.

This vulnerability is tracked as CVE-2026-54025. The attack is possible to be carried out remotely. No exploit exists.

The affected component should be upgraded.VulDB Recent EntriesRead More