Vulnerability DatabaseCVE-2026-7847
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2026-7847
Published:May 05, 2026
Updated:May 16, 2026
A vulnerability was found in chatchat-space Langchain-Chatchat up to 0.3.1.3. The affected element is the function _get_file_id of the file libs/chatchat-server/chatchat/server/api_server/openai_routes.py of the component Uploaded File Handler. Performing a manipulation results in insufficiently random values. Access to the local network is required for this attack. The attack's complexity is rated as high. The exploitability is described as difficult. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.
Related Resources (8)
https://github.com/chatchat-space/Langchain-Chatchat/issues/5464
https://vuldb.com/submit/807796
https://github.com/chatchat-space/Langchain-Chatchat/
https://vuldb.com/vuln/361126
https://vuldb.com/vuln/361126/cti
https://github.com/chatchat-space/Langchain-Chatchat
https://github.com/3em0/cve_repo/blob/main/Langchain-Chatchat/Vuln-3-Predictable-File-ID.md
https://nvd.nist.gov/vuln/detail/CVE-2026-7847
Do you need more information?
Contact Us
CVSS v4
Base Score:
1.2
Attack Vector
ADJACENT
Attack Complexity
HIGH
Attack Requirements
NONE
Privileges Required
LOW
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
NONE
Vulnerable System Availability
NONE
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
Exploit Maturity
POC
CVSS v3
Base Score:
2.6
Attack Vector
ADJACENT
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
NONE
Availability
NONE
Exploit Maturity
PROOF-OF-CONCEPT
Weakness Type (CWE)
Use of Insufficiently Random Values
CWE-330
EPSS
Base Score:
0.03