CVE-2026-31944: CWE-306: Missing Authentication for Critical Function in danny-avila LibreChat
LibreChat is a ChatGPT clone with additional features. From 0.8.2 to 0.8.2-rc3, the MCP (Model Context Protocol) OAuth callback endpoint accepts the redirect from the identity provider and stores OAuth tokens for the user who initiated the flow, without verifying that the browser hitting the redirect URL is logged in or that the logged-in user matches the initiator. An attacker can send the authorization URL to a victim; when the victim completes the flow, the victim’s OAuth tokens are stored on the attacker’s LibreChat account, enabling account takeover of the victim’s MCP-linked services (e.g. Atlassian, Outlook). This vulnerability is fixed in 0.8.3-rc1.
AI Analysis
Technical Summary
CVE-2026-31944 is a critical security vulnerability classified under CWE-306 (Missing Authentication for Critical Function) affecting the LibreChat application, specifically versions from 0.8.2 up to 0.8.2-rc3. LibreChat is a ChatGPT clone that integrates with various services via the Model Context Protocol (MCP) using OAuth for authentication. The vulnerability resides in the MCP OAuth callback endpoint, which improperly accepts OAuth redirect responses from the identity provider without verifying that the browser session initiating the callback is authenticated or matches the user who started the OAuth flow. Consequently, an attacker can craft an authorization URL and send it to a victim. When the victim completes the OAuth authorization, their OAuth tokens are mistakenly stored in the attacker's LibreChat account. This token misattribution enables the attacker to gain unauthorized access to the victim’s linked services, such as Atlassian and Outlook, effectively allowing account takeover of these MCP-integrated services. The vulnerability requires user interaction (the victim completing the OAuth flow) but does not require the attacker to have prior authentication privileges. The flaw impacts confidentiality severely by exposing OAuth tokens to attackers, while integrity and availability impacts are limited. The vulnerability has a CVSS v3.1 base score of 7.6 (high severity), reflecting network attack vector, low attack complexity, required privileges, user interaction, and partial scope change. The issue was publicly disclosed on March 13, 2026, and fixed in LibreChat version 0.8.3-rc1. No known exploits are reported in the wild yet. The root cause is the lack of proper session and user identity verification during the OAuth callback handling, a critical step in securing OAuth flows.
Potential Impact
The primary impact of CVE-2026-31944 is unauthorized access to OAuth tokens belonging to victims, enabling attackers to take over accounts on MCP-linked services such as Atlassian and Outlook. This compromises the confidentiality of sensitive user data and potentially exposes corporate resources, emails, and collaboration tools. Organizations relying on LibreChat for integration with critical services face risks of data breaches, unauthorized actions, and lateral movement within their networks. The attack requires social engineering to lure victims into completing the OAuth flow, but once successful, it bypasses normal authentication controls. This can lead to significant operational disruption, loss of intellectual property, and reputational damage. Since OAuth tokens often grant broad access, the scope of compromise can be extensive. The vulnerability does not directly affect system availability or data integrity but can indirectly facilitate further attacks. Enterprises using affected LibreChat versions in sectors like technology, finance, government, and education are particularly vulnerable due to their reliance on integrated cloud services.
Mitigation Recommendations
To mitigate CVE-2026-31944, organizations should immediately upgrade LibreChat to version 0.8.3-rc1 or later, where the vulnerability is patched. Additionally, administrators should audit OAuth token storage and revoke any suspicious tokens linked to the attack scenario. Implement strict session validation on OAuth callback endpoints to ensure the user completing the OAuth flow matches the initiating user session. Employ multi-factor authentication (MFA) on linked services to reduce the impact of token compromise. Educate users about phishing and social engineering risks related to OAuth authorization flows. Monitor OAuth-related logs for unusual authorization patterns or token storage anomalies. Consider implementing OAuth state parameters and nonce validation to prevent CSRF and replay attacks. Finally, limit the scope and lifetime of OAuth tokens to minimize exposure if compromised.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, Japan, South Korea, Netherlands, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-03-10T15:10:10.656Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69b4732e2f860ef943a9261d
Added to database: 3/13/2026, 8:27:26 PM
Last enriched: 3/13/2026, 8:29:08 PM
Last updated: 3/14/2026, 3:49:37 AM