GHSA-4rjg-9qq9-25m8
LibreTranslate versions through 1.9.7 contain an IP spoofing vulnerability in the get_remote_address() function. This flaw allows unauthenticated attackers to inject arbitrary values into the X-Forwarded-For header without trusted proxy validation. As a result, attackers can spoof client IP addresses to bypass per-IP rate limiting and flood bans, enabling unlimited API abuse. The vulnerability is fixed in a commit identified as 397fd22.
AI Analysis
Technical Summary
The vulnerability in LibreTranslate through version 1.9.7 is an IP spoofing issue in the get_remote_address() function. It arises because the application does not properly validate the X-Forwarded-For header against a list of trusted proxies. Attackers can exploit this by injecting arbitrary IP addresses into this header, effectively spoofing their client IP. This allows them to circumvent rate limiting and flood protection mechanisms that rely on client IP addresses, potentially leading to unlimited abuse of the API. The issue is tracked as CVE-2026-57942 and is fixed in commit 397fd22.
Potential Impact
Attackers can bypass IP-based rate limiting and flood bans by spoofing client IP addresses via the X-Forwarded-For header. This enables unlimited API abuse, which could lead to denial of service or resource exhaustion. The vulnerability does not require authentication and can be exploited remotely.
Mitigation Recommendations
A fix is available and has been implemented in commit 397fd22. Users of LibreTranslate should apply this update to ensure proper validation of the X-Forwarded-For header against trusted proxies. Until patched, consider implementing additional network-level controls to restrict access or validate client IPs.
GHSA-4rjg-9qq9-25m8
Description
LibreTranslate versions through 1.9.7 contain an IP spoofing vulnerability in the get_remote_address() function. This flaw allows unauthenticated attackers to inject arbitrary values into the X-Forwarded-For header without trusted proxy validation. As a result, attackers can spoof client IP addresses to bypass per-IP rate limiting and flood bans, enabling unlimited API abuse. The vulnerability is fixed in a commit identified as 397fd22.
CVSS v4.0
Affected software
pkg:github/libretranslate/LibreTranslateRun on your own infrastructure? Check whether these packages are installed with threat-finder — our free open-source scanner.
Weaknesses
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The vulnerability in LibreTranslate through version 1.9.7 is an IP spoofing issue in the get_remote_address() function. It arises because the application does not properly validate the X-Forwarded-For header against a list of trusted proxies. Attackers can exploit this by injecting arbitrary IP addresses into this header, effectively spoofing their client IP. This allows them to circumvent rate limiting and flood protection mechanisms that rely on client IP addresses, potentially leading to unlimited abuse of the API. The issue is tracked as CVE-2026-57942 and is fixed in commit 397fd22.
Potential Impact
Attackers can bypass IP-based rate limiting and flood bans by spoofing client IP addresses via the X-Forwarded-For header. This enables unlimited API abuse, which could lead to denial of service or resource exhaustion. The vulnerability does not require authentication and can be exploited remotely.
Mitigation Recommendations
A fix is available and has been implemented in commit 397fd22. Users of LibreTranslate should apply this update to ensure proper validation of the X-Forwarded-For header against trusted proxies. Until patched, consider implementing additional network-level controls to restrict access or validate client IPs.
Technical Details
- Gcve Source
- db.gcve.eu
- Osv Id
- GHSA-4rjg-9qq9-25m8
- Osv Schema Version
- 1.4.0
- Aliases
- ["CVE-2026-57942"]
- Ecosystems
- []
- Database Specific Severity
- MODERATE
- Cvss Version
- 4.0
Threat ID: 6a42ed1d27e9c79719933401
Added to database: 06/29/2026, 22:09:33 UTC
Last enriched: 06/29/2026, 22:14:14 UTC
Last updated: 06/30/2026, 01:31:24 UTC
Views: 3
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.