GHSA-w676-mrp6-5fqqHighCVSS 6.5
LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented...
🔗 CVE IDs covered (1)
📋 Description
LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method. Attackers can supply arbitrary victim file or knowledge-base identifiers through the chunk retrieval and chat knowledge-base paths to retrieve text content, file names, and metadata belonging to other users.
🔗 References (6)
- https://nvd.nist.gov/vuln/detail/CVE-2026-59098
- https://github.com/lobehub/lobehub/issues/16535
- https://github.com/lobehub/lobehub/pull/16594
- https://github.com/lobehub/lobehub/commit/4a7931a4e66832947dba11afdffae2918a56b6a0
- https://www.vulncheck.com/advisories/lobechat-cross-user-document-disclosure-via-unscoped-rag-semantic-search
- https://github.com/advisories/GHSA-w676-mrp6-5fqq