#Initial contact regarding a security report submitted via huntr

Hello LibreChat maintainers,

Following your security reporting policy, I'd like to make initial contact regarding a security vulnerability I've reported.

I submitted a report via huntr on April 30, 2026, but the huntr-side triage does not appear to have completed yet, so I'm not sure whether it has been forwarded to your team. I wanted to make sure it's on your radar.

I noticed that GitHub Security Advisory is listed as the first option in your security policy. If you'd prefer, I'm happy to withdraw the huntr report and re-submit through GHSA instead — please let me know which channel works best for you.

My huntr handle: hanacus87

Happy to move to a private channel for any technical details.

Thank you for your work on this project.

https://github.com/danny-avila/LibreChat/security

Thank you for the guidance. I've now submitted the report via GitHub Security Advisory, and I'm withdrawing the huntr report accordingly.

Looking forward to coordinating with you through GHSA.

Thank you.

Thank you, Hana!