CVE-2026-59098
CVE-2026-59098 affects LobeChat up to version 2.2.9. A broken access control in the retrieval-augmented-generation semantic search functionality allows an authenticated attacker to access another user’s data by exploiting missing user-identifier predicates in the chunk model semanticSearch method...