Vulnerability Database

314,433

Total vulnerabilities in the database

CVE-2024-11167

An improper access control vulnerability in danny-avila/librechat versions prior to 0.7.6 allows authenticated users to delete other users' prompts via the groupid parameter. This issue occurs because the endpoint does not verify whether the provided prompt ID belongs to the current user.

Published: Mar 20, 2025
Updated: Nov 16, 2025
CVE: CVE-2024-11167
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

CWEs:

CWE-284
CWE-639

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
librechat / librechat	-	0.7.6

https://github.com/danny-avila/librechat/commit/5071bdbf9ac621165f0e8d009818851f3951eee7
https://huntr.com/bounties/298f5760-5797-4432-8b9e-544609d612c0

Deep Security Visibility Without the Complexity

SynScan provides clear, real-time security insights so you can monitor your attack surface, spot risks early, and act fast—without extra complexity.

No setup fees
5-min deployment
Cancel anytime

Book a Demo