Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

lobehub — Vulnerabilities & Security Advisories 12

Browse all 12 CVE security advisories affecting lobehub. AI-powered Chinese analysis, POCs, and references for each vulnerability.

Lobehub develops wireless communication devices primarily for business conferencing and remote collaboration solutions. Historically, the devices have been vulnerable to multiple security issues including remote code execution, cross-site scripting, and privilege escalation vulnerabilities. These flaws often stem from improper input validation, insecure authentication mechanisms, and firmware weaknesses. While no major public security incidents have been widely reported, the 12 documented CVEs indicate a pattern of security concerns that could potentially allow unauthorized access or system compromise. Organizations using these devices should implement network segmentation and ensure timely firmware updates to mitigate potential risks.

Top products by lobehub: lobe-chat lobehub
CVE IDTitleCVSSSeverityPublished
CVE-2026-39411 LobeHub has an unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header — lobehubCWE-287 5.0 Medium2026-04-08
CVE-2026-23835 LobeHub Vulnerable to Improper Authorization in Presigned Upload — lobe-chatCWE-73 6.5AIMediumAI2026-01-30
CVE-2026-23522 Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion — lobe-chatCWE-284 3.7 Low2026-01-19
CVE-2026-23733 Lobe Chat has Cross-Site Scripting (XSS) issue that may escalate to Remote Code Execution (RCE) — lobe-chatCWE-94 6.4 Medium2026-01-18
CVE-2025-62505 SSRF in lobehub/lobe-chat with native web fetch module — lobe-chatCWE-918 3.0 Low2025-10-17
CVE-2025-59426 lobe-chat has an Open Redirect — lobe-chatCWE-601 4.3 Medium2025-09-25
CVE-2025-59417 Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages — lobe-chatCWE-79 8.2AIHighAI2025-09-18
CVE-2024-32965 ssrf vulnerability in lobe-chat — lobe-chatCWE-918 8.1 High2024-11-26
CVE-2024-47066 Lobe Chat has insufficient fix for GHSA-mxhq-xw3g-rphc (CVE-2024-32964) — lobe-chatCWE-918 9.0 Critical2024-09-23
CVE-2024-37895 API Key Leak in lobe-chat — lobe-chatCWE-200 5.7 Medium2024-06-17
CVE-2024-32964 lobe-chat `/api/proxy` endpoint Server-Side Request Forgery vulnerability — lobe-chatCWE-918 9.0 Critical2024-05-10
CVE-2024-24566 Lobe Chat unauthorized access to plugins — lobe-chatCWE-284 5.3 Medium2024-01-31

This page lists every published CVE security advisory associated with lobehub. Each entry links to a detailed page with CVSS scoring, CWE classification, affected products and references. AI-generated Chinese analysis is provided for fast triage.