CVE-2026-59098
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Summary
LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method. Attackers can supply arbitrary victim file or knowledge-base identifiers through the chunk retrieval and chat knowledge-base paths to retrieve text content, file names, and metadata belonging to other users.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| lobehub | lobehub | 0 <= 2.2.9 | affected |
Weaknesses
- CWE-639: Authorization Bypass Through User-Controlled Key
References
- https://github.com/lobehub/lobehub/issues/16535
- https://github.com/lobehub/lobehub/pull/16594
- https://github.com/lobehub/lobehub/commit/4a7931a4e66832947dba11afdffae2918a56b6a0
- https://www.vulncheck.com/advisories/lobechat-cross-user-document-disclosure-via-unscoped-rag-semantic-search
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.