PT-2026-5439 · Lobehub · Lobehub

Uko3211 · Published 2026-01-30 · Updated 2026-02-01 · CVE-2026-23835

CVSS v4.0: 7.2 High

Vector: AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions

LobeHub versions prior to 1.143.3

Description

LobeHub is an open source human-and-AI-agent network. The file upload feature in Knowledge Base > File Upload does not validate the integrity of the upload request, allowing users to intercept and modify request parameters. This can lead to the creation of arbitrary files in unintended paths. An attacker can manipulate the size parameter in the client upload request to misrepresent the actual file size, bypassing the monthly upload quota and potentially causing financial impact to the service operator. This manipulation can also lead to degraded service availability, affecting legitimate users and overloading downstream systems. A single malicious user can cause an indirect denial of service (DoS) to other users.

Recommendations

Update to version 1.143.3 or later.
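
The class of server-side check the description implies is missing, shown as an added example (this is not LobeHub's code and not the 1.143.3 fix). The names `confineKey`, `finalizeUpload`, `req.path`, `req.size` and the `files/<userId>/` key layout are assumptions; the example also assumes the server can measure the stored bytes itself and that `userId` comes from the authenticated session.

```javascript
// Added example: hypothetical upload finalizer, not taken from the LobeHub code base.
// Assumed names: confineKey, finalizeUpload, req.path, req.size, "files/<userId>/" layout.

// Build the storage key under the caller's own prefix; refuse any ".." segment.
function confineKey(userId, requestedPath) {
  const parts = [];
  for (const seg of String(requestedPath).replace(/\\/g, '/').split('/')) {
    if (seg === '' || seg === '.') continue;   // drop empty and no-op segments
    if (seg === '..') return null;             // traversal attempt: reject outright
    parts.push(seg);
  }
  if (parts.length === 0) return null;
  return `files/${userId}/${parts.join('/')}`;
}

// usage: Map of userId -> bytes already charged; body: bytes the server received.
// userId is assumed to come from the authenticated session, never from the request body.
function finalizeUpload(usage, quotaBytes, userId, req, body) {
  const key = confineKey(userId, req.path);
  if (key === null) return { ok: false, reason: 'bad-path' };

  const actualSize = body.byteLength;          // measured server-side
  if (req.size !== actualSize) return { ok: false, reason: 'size-mismatch' };

  const used = usage.get(userId) || 0;
  if (used + actualSize > quotaBytes) return { ok: false, reason: 'quota-exceeded' };

  usage.set(userId, used + actualSize);        // charge the measured size, not req.size
  return { ok: true, key, charged: actualSize };
}

// Constructed requests: honest upload, understated size, traversal path, then quota exhaustion.
function demo() {
  const usage = new Map();
  const body = new Uint8Array(4096);
  const quota = 10000;
  return [
    finalizeUpload(usage, quota, 'u1', { path: 'notes/a.pdf', size: 4096 }, body),
    finalizeUpload(usage, quota, 'u1', { path: 'notes/b.pdf', size: 1 }, body),
    finalizeUpload(usage, quota, 'u1', { path: '../u2/c.pdf', size: 4096 }, body),
    finalizeUpload(usage, quota, 'u1', { path: 'notes/d.pdf', size: 4096 }, body),
    finalizeUpload(usage, quota, 'u1', { path: 'notes/e.pdf', size: 4096 }, body),
  ].map((r) => (r.ok ? r.key : r.reason));
}
```

Where uploads go directly to object storage, the measured size would come from the storage service's own object metadata after the upload completes rather than from a request body.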

Exploit

Fix

DoS


Weakness Enumeration

Related Identifiers

CVE-2026-23835
GHSA-WRRR-8JCV-WJF5

Affected Products

Lobehub