GHSA-jv4p-mhmp-69vw
Suggest an improvement- Source
- https://github.com/advisories/GHSA-jv4p-mhmp-69vw
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2026/05/GHSA-jv4p-mhmp-69vw/GHSA-jv4p-mhmp-69vw.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-jv4p-mhmp-69vw
- Aliases
-
- CVE-2026-7847
- Published
- 2026-05-05T18:33:27Z
- Modified
- 2026-05-08T22:42:30.402939Z
- Severity
-
- 2.6 (Low) CVSS_V3 - CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- 1.2 (Low) CVSS_V4 - CVSS:4.0/AV:A/AC:H/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:P CVSS Calculator
- Summary
- Langchain-Chatchat Uses Insufficiently Random Values
- Details
-
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function getfileid of the file libs/chatchat-server/chatchat/server/apiserver/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
- Database specific
{ "nvd_published_at": "2026-05-05T17:17:05Z", "severity": "LOW", "cwe_ids": [ "CWE-330" ], "github_reviewed": true, "github_reviewed_at": "2026-05-08T22:20:20Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2026-7847
- https://github.com/chatchat-space/Langchain-Chatchat/issues/5464
- https://github.com/3em0/cve_repo/blob/main/Langchain-Chatchat/Vuln-3-Predictable-File-ID.md
- https://github.com/chatchat-space/Langchain-Chatchat
- https://vuldb.com/submit/807796
- https://vuldb.com/vuln/361126
- https://vuldb.com/vuln/361126/cti
Affected packages
PyPI / langchain-chatchat
Package
- Name
- langchain-chatchat
- View open source insights on deps.dev
- Purl
- pkg:pypi/langchain-chatchat
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedLast affected0.3.1.3
Affected versions
0.*
0.3.0
0.3.0.20240506
0.3.0.20240606
0.3.0.20240610
0.3.0.20240610.1
0.3.0.20240611
0.3.0.20240612
0.3.0.20240612.1
0.3.0.20240612.2
0.3.0.20240612.3
0.3.0.20240612.4
0.3.0.20240616
0.3.0.20240618
0.3.0.20240619
0.3.0.20240621
0.3.0.20240621.3
0.3.0.20240625
0.3.0.20240625.1
0.3.1
0.3.1.1
0.3.1.2
0.3.1.3