Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

lobehub — Vulnerabilities & Security Advisories 19

Browse all 19 CVE security advisories affecting lobehub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Lobehub develops wireless communication devices primarily for business conferencing and remote collaboration solutions. Historically, the devices have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from improper input validation, insecure authentication mechanisms, and firmware weaknesses. While no major public security incidents have been widely reported, the 12 documented CVEs indicate a pattern of security concerns that could potentially allow unauthorized access or system compromise. Organizations using these devices should implement network segmentation and ensure timely firmware updates to mitigate potential risks.

Top products by lobehub: lobe-chat lobehub
CVE IDTitleCVSSSeverityPublished
CVE-2026-59100 LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations — lobehubCWE-639 5.0 Medium2026-07-02
CVE-2026-59098 LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search — lobehubCWE-639 6.5 Medium2026-07-02
CVE-2026-59095 LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl — lobehubCWE-918 7.7 High2026-07-02
CVE-2026-58580 LobeChat 2.2.9 - Broken Object-Level Authorization in Message Sub-Resource Writes — lobehubCWE-639 5.9 Medium2026-07-02
CVE-2026-58578 LobeChat < 2.2.10-canary.15 - Regular Expression Denial of Service in GitHub Skill Import — lobehubCWE-1333 6.5 Medium2026-07-02
CVE-2026-54157 LobeHub: Unauthenticated SSRF in `/webapi/proxy` — lobehubCWE-918 9.0 Critical2026-06-23
CVE-2026-42045 LobeHub: Cross-Site Scripting(XSS) escalate to Remote Code Execution(RCE) — lobehubCWE-79 6.2 Medium2026-05-12
CVE-2026-39411 LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header — lobehubCWE-287 5.0 Medium2026-04-08
CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload — lobe-chatCWE-73 6.5AIMediumAI2026-01-30
CVE-2026-23522 Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion — lobe-chatCWE-284 3.7 Low2026-01-19
CVE-2026-23733 Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE) — lobe-chatCWE-94 6.4 Medium2026-01-18
CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module — lobe-chatCWE-918 3.0 Low2025-10-17
CVE-2025-59426 lobe-chat has an Open Redirect — lobe-chatCWE-601 4.3 Medium2025-09-25
CVE-2025-59417 Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages — lobe-chatCWE-79 8.2AIHighAI2025-09-18
CVE-2024-32965 ssrf vulnerability in lobe-chat — lobe-chatCWE-918 8.1 High2024-11-26
CVE-2024-47066 Lobe Chat has insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) — lobe-chatCWE-918 9.0 Critical2024-09-23
CVE-2024-37895 API Key Leak in lobe-chat — lobe-chatCWE-200 5.7 Medium2024-06-17
CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability — lobe-chatCWE-918 9.0 Critical2024-05-10
CVE-2024-24566 Lobe Chat unauthorized access to plugins — lobe-chatCWE-284 5.3 Medium2024-01-31

This page lists every published CVE security advisory associated with lobehub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.