PT-2026-55298 · Lobe Chat · Lobe Chat
George Chen
·
Published
2026-07-02
·
Updated
2026-07-02
·
CVE-2026-59098
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
LobeChat versions prior to 2.3.0
Description
Broken access control exists in the retrieval-augmented-generation (RAG) semantic search functionality. Authenticated attackers can access data from other users due to missing user-identifier predicates in the semanticSearch method of the chunk model. By providing arbitrary victim file or knowledge-base identifiers through the chunk retrieval and chat knowledge-base paths, an attacker can retrieve metadata, file names, and text content belonging to other users.
Recommendations
Update LobeChat to version 2.3.0 or later.
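The missing user-identifier predicate described above, shown as an added illustration that is not LobeChat's code or schema: a constructed in-memory sqlite store where a keyword match stands in for embedding similarity. The vulnerable query trusts the caller-supplied file ids alone; the fixed query also joins file ownership and requires the file to belong to the requesting user, so a foreign file id returns nothing.

```python
import sqlite3

# Constructed sample data (not LobeChat's schema): two users, each owning one
# file whose text has been split into chunks for retrieval.
FILES = [("file-alice", "alice"), ("file-bob", "bob")]
CHUNKS = [
    (1, "file-alice", "alice quarterly revenue forecast"),
    (2, "file-alice", "alice hiring plan"),
    (3, "file-bob", "bob quarterly revenue forecast"),
]


def open_store():
    """Build the in-memory store; a LIKE match stands in for vector similarity."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE files (id TEXT PRIMARY KEY, user_id TEXT NOT NULL)")
    conn.execute("CREATE TABLE chunks (id INTEGER PRIMARY KEY, file_id TEXT NOT NULL, text TEXT NOT NULL)")
    conn.executemany("INSERT INTO files VALUES (?, ?)", FILES)
    conn.executemany("INSERT INTO chunks VALUES (?, ?, ?)", CHUNKS)
    return conn


def semantic_search_vulnerable(conn, file_ids, query):
    """Filters only by caller-supplied file ids: any user can read any file's chunks."""
    if not file_ids:
        return []
    marks = ",".join("?" * len(file_ids))
    rows = conn.execute(
        f"SELECT id, text FROM chunks WHERE file_id IN ({marks}) AND text LIKE ?",
        (*file_ids, f"%{query}%"),
    )
    return [text for _, text in rows]


def semantic_search_fixed(conn, user_id, file_ids, query):
    """Adds the ownership predicate: supplied file ids are honoured only when the
    file belongs to the requesting user, so foreign ids match no rows."""
    if not file_ids:
        return []
    marks = ",".join("?" * len(file_ids))
    rows = conn.execute(
        "SELECT c.id, c.text FROM chunks c JOIN files f ON f.id = c.file_id "
        f"WHERE f.user_id = ? AND c.file_id IN ({marks}) AND c.text LIKE ?",
        (user_id, *file_ids, f"%{query}%"),
    )
    return [text for _, text in rows]


if __name__ == "__main__":
    conn = open_store()
    # bob supplies alice's file id: the vulnerable path leaks her chunk, the fixed path does not
    print(semantic_search_vulnerable(conn, ["file-alice"], "revenue"))
    print(semantic_search_fixed(conn, "bob", ["file-alice"], "revenue"))
```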
Exploit
Fix
IDOR
Weakness Enumeration
Related Identifiers
Affected Products
Lobe Chat