CISA issues alert on log-injection vulnerability in LibreChat RAG API

The LibreChat Retrieval Augmented Generation (RAG) Application Programming Interface (API) version 0.7.0 exhibits a log-injection vulnerability that affects the integrity of system audit logs by allowing an authenticated user to manipulate log entries. This issue potentially undermines log authenticity and may facilitate further exploitation through insecure log-management interfaces.

Specifically, the vulnerability identified as CVE-2026-4276 impacts the LibreChat RAG API, which is implemented using Python FastAPI and LangChain. The service processes user-uploaded documents via an ID-based indexing method, extracting text content that is transformed into embeddings through OpenAI or local Ollama providers and stored in PostgreSQL with the pgvector extension. The flaw arises because the API does not sanitize user input in the file_id parameter of POST requests before writing it to the log, so carriage return and line feed (CRLF) characters in that value are written verbatim. Because CR and LF are the line terminators of the log file, an authenticated attacker can use them to insert forged lines into system logs.

Exploitation of this vulnerability permits an authenticated individual to conceal unauthorized actions, mislead forensic analysis, or impersonate users within the system. The risk further extends if the corrupted logs are reviewed through web-based administrative consoles or unprotected log-management tools, where the injected log entries may enable subsequent attacks such as Cross-Site Scripting (XSS) or remote code execution.

No patch or vendor coordination has been achieved for this vulnerability. The primary mitigation measures advised include applying filters during RAG data ingestion to sanitize input before it is logged, deactivating the pgvector extension in PostgreSQL if it is not utilized, and validating output from the RAG API prior to forwarding data to other systems to prevent indirect injection attacks. These mitigations may be combined to provide layered defense until a formal update addressing the vulnerability is released.
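The following is an added example, not LibreChat code, showing the defect described above and the ingestion-side filter recommended as a mitigation: a `logging.Filter` that escapes CR, LF and other control characters in every logged value, so a constructed `file_id` containing CRLF produces one log line instead of two. The `file_id` value, the log format and the logger names are assumptions for the demonstration.

```python
import logging
import re
from io import StringIO

# Escape every C0 control character (CR and LF included) plus DEL, so a
# user-supplied value can never terminate a log line early.
_CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")

def neutralize(value: str) -> str:
    """Return value with each control character replaced by its \\xNN escape."""
    return _CONTROL_CHARS.sub(lambda m: f"\\x{ord(m.group(0)):02x}", value)

class NeutralizingFilter(logging.Filter):
    """Escape control characters in the message template and all string args."""
    def filter(self, record: logging.LogRecord) -> bool:
        if isinstance(record.msg, str):
            record.msg = neutralize(record.msg)
        if isinstance(record.args, dict):
            record.args = {k: neutralize(v) if isinstance(v, str) else v
                           for k, v in record.args.items()}
        elif record.args:
            record.args = tuple(neutralize(a) if isinstance(a, str) else a
                                for a in record.args)
        return True  # never drop the record, only sanitize it

def render_log(file_id: str, apply_filter: bool) -> str:
    """Log one 'indexing' event for file_id into a buffer and return the text."""
    buf = StringIO()
    logger = logging.getLogger(f"rag.demo.{'filtered' if apply_filter else 'raw'}")
    logger.handlers.clear()
    logger.filters.clear()
    logger.propagate = False
    logger.setLevel(logging.INFO)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    if apply_filter:
        logger.addFilter(NeutralizingFilter())
    logger.info("indexing file_id=%s", file_id)  # same call the vulnerable path makes
    handler.flush()
    return buf.getvalue()

def line_count(log_text: str) -> int:
    """Number of log lines the audit log would show for the rendered text."""
    return log_text.count("\n")

# Constructed sample: a file_id carrying CRLF followed by a forged audit entry.
SAMPLE_FILE_ID = "abc123\r\nINFO forged=entry"

if __name__ == "__main__":
    print(render_log(SAMPLE_FILE_ID, apply_filter=False))  # two lines
    print(render_log(SAMPLE_FILE_ID, apply_filter=True))   # one line, CRLF escaped
```

The same filter can be attached to the root logger so that every handler in the service inherits it; the output-validation step the advisory recommends is the same escaping applied before log text is handed to another system.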

This report credits Caio Bittencourt with coordinating the vulnerability disclosure and was prepared by Dr. Elke Drennan, CISSP. The advisory dates to March 16, 2026, and is cataloged under CVE-2026-4276.