23 matches found

Nuclei
added 16 hours ago, 42 views

Lobe Chat <= v0.150.5 - Server-Side Request Forgery

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause...

CVSS 9 | AI score 7.3 | EPSS 0.71676
Exploits 2 | References 4

CNNVD
added 2026/05/12 12:0 a.m., 4 views

LobeHub cross-site scripting vulnerability

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained a cross-site scripting vulnerability. This vulnerability stemmed from improper filtering during the processing of custom tags, which could lead to cross-site scripting attacks and t...

CVSS 6.2 | AI score 5.9 | EPSS 0.00043
Exploits 0 | References 1

OSV
added 2026/05/05 6:4 p.m., 4 views

GHSA-XQ4X-622M-Q8FQ LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution

Summary: The vulnerability was automatically discovered by an AI agent and then manually verified. LobeChat's message rendering mechanism has a stored cross-site scripting (XSS) vulnerability. Combined with the Electron main process's exposed insecure IPC interface, attackers can construct malicious...

CVSS 6.2 | AI score 6.5 | EPSS 0.00043
Exploits 0 | References 3

vulnersOsv
added 2026/04/30 6:20 p.m., 7 views

@bentwnghk/chat (>=1.91.2 <=1.91.6), @lobehub/chat (>=1.49.5 <=1.49.12) +2 more potentially affected by CVE-2026-42349 via @clerk/nextjs (>=6.10.2 <=6.28.1)

@clerk/nextjs NPM version =6.10.2, =1.91.2, =1.49.5, =0.0.2, =0.17.1, =0.17.3-centauri.0 Source cves: CVE-2026-42349 Source advisory: SNYK:JS-CLERKNEXTJS-16347747...

CVSS 7.6 | AI score 5.8 | EPSS 0.00046
Exploits 0

vulnersOsv
added 2026/04/30 6:20 p.m., 3 views

@bentwnghk/chat (>=1.91.2 <=1.91.6), @lobehub/chat (>=1.49.5 <=1.49.12) +2 more potentially affected by CVE-2026-42349 via @clerk/nextjs (>=6.10.2 <=6.28.1)

@clerk/nextjs NPM version =6.10.2, =1.91.2, =1.49.5, =0.0.2, =0.17.1, =0.17.3-centauri.0 Source cves: CVE-2026-42349 Source advisory: OSV:GHSA-W24R-5266-9C3C...

CVSS 7.6 | AI score 5.8 | EPSS 0.00046
Exploits 0

vulnersOsv
added 2026/04/16 9:28 p.m., 3 views

@bentwnghk/chat (>=1.91.2 <=1.91.6), @lobehub/chat (>=1.49.5 <=1.49.12) +2 more potentially affected by CVE-2026-41248 via @clerk/nextjs (>=6.10.2 <=6.28.1)

@clerk/nextjs NPM version =6.10.2, =1.91.2, =1.49.5, =0.0.2, =0.17.1, =0.17.3-centauri.0 Source cves: CVE-2026-41248 Source advisory: OSV:GHSA-VQX2-FGX2-5WQ9...

CVSS 9.1 | AI score 5.8 | EPSS 0.00096
Exploits 0

Vulnrichment
added 2026/04/08 7:37 p.m., 3 views

CVE-2026-39411 LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR ke...

CVSS 5 | AI score 6 | EPSS 0.00025
Exploits 0 | References 4

EUVD
added 2026/04/08 3:4 p.m., 0 views

EUVD-2026-20598

LobeHub: Unauthenticated authentication bypass on webapi routes via forgeable X-lobe-chat-auth header...

CVSS 5 | AI score 5.9 | EPSS 0.00025
Exploits 0 | References 4

Snyk
added 2026/04/08 3:4 p.m., 2 views

User Impersonation

Overview: @lobehub/lobehub is LobeHub, an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. It supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

CVSS 7.1 | AI score 5.8 | EPSS 0.00025
Exploits 0 | References 2

CNNVD
added 2026/04/08 12:0 a.m., 3 views

LobeHub security vulnerability

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 2.1.48 contained security vulnerabilities. These vulnerabilities stemmed from the WebAPI authentication layer, which trusted client-controlled headers that had only been XOR-encrypted. This allowed...

CVSS 7.1 | AI score 5.8 | EPSS 0.00025
Exploits 0 | References 4

Snyk
added 2026/02/01 5:39 p.m., 1 view

External Control of File Name or Path

Overview: @lobehub/lobehub is LobeHub, an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. It supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

CVSS 8.1 | AI score 5.6 | EPSS 0.00042
Exploits 0 | References 2

Cvelist
added 2026/01/30 8:4 p.m., 26 views

CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

CVSS 7.2 | EPSS 0.00042
Exploits 0 | References 1

CVE
added 2026/01/30 8:4 p.m., 9 views

CVE-2026-23835

CVE-2026-23835 affects Lobehub/LobeHub prior to 1.143.3, where the file upload endpoint (file.createFile) does not validate request integrity, enabling an attacker to intercept and modify upload parameters, create arbitrary files in unintended paths, and misreport file sizes to bypass storage quo...

CVSS 7.2 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 1

Vulnrichment
added 2026/01/30 8:4 p.m., 3 views

CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and modify the request parameters. As a result, it is possible to create arbitra...

CVSS 7.2 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 1

CNNVD
added 2026/01/30 12:0 a.m., 1 view

LobeHub security vulnerability

LobeHub is an open-source AI dialogue framework developed by LobeHub. Versions of LobeHub prior to 1.143.3 contained security vulnerabilities. These vulnerabilities stemmed from the file upload feature not verifying the integrity of requests and allowing manipulation of the file size parameter...

CVSS 7.2 | AI score 5.8 | EPSS 0.00042
Exploits 0 | References 2

Positive Technologies
added 2026/01/30 12:0 a.m., 2 views

PT-2026-5439

Name of the Vulnerable Software and Affected Versions: LobeHub versions prior to 1.143.3. Description: LobeHub is an open source human-and-AI-agent network. The file upload feature in Knowledge Base File Upload does not validate the integrity of the upload request, allowing users to intercept and...

CVSS 7.2 | AI score 5.9 | EPSS 0.00042
Exploits 0 | References 7

Snyk
added 2026/01/19 5:49 p.m., 2 views

Access Control Bypass

Overview: @lobehub/lobehub is LobeHub, an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. It supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

CVSS 6.3 | AI score 5.6 | EPSS 0.00066
Exploits 0 | References 2

Snyk
added 2026/01/18 11:48 p.m., 4 views

Arbitrary Code Injection

Overview: @lobehub/lobehub is LobeHub, an open-source, comprehensive AI Agent framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. It supports one-click free deployment of your private ChatGPT/LLM web application. Affected versions of this package are...

CVSS 9.1 | AI score 6.2 | EPSS 0.00151
Exploits 0 | References 2

Veracode
added 2025/11/03 3:5 p.m., 2 views

Cross-site Scripting (XSS)

@lobehub/chat is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unsafe SVG rendering: SVGRenderer uses dangerouslySetInnerHTML for image/svg+xml lobeArtifact content. An attacker can inject malicious SVGs via chat messages...

CVSS 7.7 | AI score 6.1 | EPSS 0.00163
Exploits 1 | References 2 | Affected software 1

Circl
added 2025/10/17 9:26 a.m., 2 views

CVE-2025-62505

creationtimestamp | type | source
--- | --- | ---
2025-10-17 09:26:18+00:00 | published-proof-of-concept | https://github.com/lobehub/lobehub/security/advisories/GHSA-fgx4-p8xf-qhp9...

CVSS 3 | AI score 5.8 | EPSS 0.00026
Exploits 0 | References 1