CVE-2026-7847

LOW SEVERITY

CVSS Score & Metrics

Base Score

2.6 / 10

Vector String

                                        CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N                                    

Vulnerability Description

A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Vulnerability Details

Published Date

May 05, 2026

Last Modified

May 05, 2026

CWE ID

CWE-310

Source

NVD

External References

https://github.com/3em0/cve_repo/blob/main/Langchain-Chatchat/Vuln-3-Predictable-File-ID.md
https://github.com/chatchat-space/Langchain-Chatchat/
https://github.com/chatchat-space/Langchain-Chatchat/issues/5464
https://vuldb.com/submit/807796
https://vuldb.com/vuln/361126
https://vuldb.com/vuln/361126/cti

CVE-2026-7847

CVSS Score & Metrics

Vulnerability Description

Vulnerability Details

External References

Discussion (0)

Add Comment