A vulnerability was found in danny-avila LibreChat . It has been declared as critical . This issue affects some unknown processing of the file /api/auth/2fa/backup/regenerate of the component Session Token Handler . Executing a manipulation can lead to missing authentication. This vulnerability is registered as CVE-2026-54040 . It is possible to launch the attack remotely. No exploit is available. It is recommended to upgrade the affected component.