A vulnerability was found in danny-avila LibreChat up to 0.7.6/0.8.2 and classified as problematic . This impacts an unknown function of the file /api/keys of the component API Keys Management Endpoint . Such manipulation of the argument userId leads to missing authorization. This vulnerability is documented as CVE-2026-31942 . The attack can be executed remotely. There is not any exploit available. It is suggested to upgrade the affected component.