Skip to main content

LobeChat EUVDEUVD-2026-41422

| CVE-2026-58580 MEDIUM
Authorization Bypass Through User-Controlled Key (CWE-639)
2026-07-02 VulnCheck GHSA-vc6m-gvqm-4jf2
6.0
CVSS 4.0 · Vendor: VulnCheck
Share

Severity by source

Vendor (VulnCheck) PRIMARY
6.0 MEDIUM
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
vuln.today AI
5.9 MEDIUM

Network-reachable tRPC endpoint requires low-privilege authentication and knowledge of a non-enumerable ID (AC:H/PR:L); integrity fully compromised for victim's records; confidentiality limited to plugin read-back; no availability impact.

3.1 AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:H/A:N
4.0 AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (VulnCheck).

CVSS VectorVendor: VulnCheck

CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:H/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
X

Lifecycle Timeline

2
Analysis Generated
Jul 02, 2026 - 20:38 vuln.today
CVSS changed
Jul 02, 2026 - 20:22 NVD
5.9 (MEDIUM) 6.0 (MEDIUM)

DescriptionCVE.org

LobeChat through 2.2.9 server-database deployments are vulnerable to broken object-level authorization in MessageModel. The updateMessagePlugin, updatePluginState, updatePluginError, updateTTS and updateTranslate methods filter target rows by message id alone, omitting the userId scope that sibling methods apply, and findMessagePlugin reads back by id alone. Reachable via the corresponding tRPC message procedures, an authenticated user who knows another user's message identifier can overwrite that victim's plugin tool-call metadata, plugin state/error, text-to-speech and translation records on the same instance, and the tampered content is served back to the victim. Exploitation requires knowledge of the victim's non-enumerable message identifier.

AnalysisAI

Broken object-level authorization in LobeChat server-database deployments through version 2.2.9 enables any authenticated user to overwrite another user's message sub-resources - including plugin tool-call metadata, plugin state and error fields, text-to-speech records, and translation records - by submitting tRPC API requests that reference the victim's message identifier. Five MessageModel write methods (updateMessagePlugin, updatePluginState, updatePluginError, updateTTS, updateTranslate) and one read method (findMessagePlugin) filter database rows by message ID alone, silently omitting the userId scope enforced in all sibling methods, causing the tampered content to be served back to the victim as their own data. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Authenticate to shared LobeChat server-database instance
Delivery
Acquire victim's non-enumerable message ID via side-channel
Exploit
Craft tRPC request targeting affected method (e.g., updateTranslate)
Execution
Submit request referencing victim's message ID - userId check absent
Persist
Database record overwritten without owner validation
Impact
Poisoned content served to victim in their chat session

Vulnerability AssessmentAI

Exploitation Exploitation requires three concurrent conditions: (1) the LobeChat deployment must be running in server-database mode - local single-user deployments are not affected; (2) the attacker must hold a valid authenticated session on the same instance, matching CVSS PR:L - unauthenticated external attackers cannot reach the tRPC procedures; and (3) the attacker must possess prior knowledge of the target victim's specific message identifier, which the vulnerability description explicitly characterizes as non-enumerable, ruling out brute-force or sequential enumeration as practical discovery vectors. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 4.0 base score of 6.0 (Medium) is a reasonable reflection of the actual risk envelope. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An authenticated user on a shared LobeChat server-database instance acquires a co-user's message ID through interception of application traffic, a companion information-disclosure path, or targeted social engineering. The attacker calls the tRPC updateTranslate or updatePluginState procedure with the victim's message ID and adversarially crafted payload content, bypassing the missing userId authorization check, and the victim subsequently receives the poisoned translation or plugin state in their chat interface as if it were their own conversation data. …
Remediation No vendor-released patched version is independently confirmed from the available references - the GitHub issue tracker entry and VulnCheck advisory disclose the flaw but do not reference a tagged fixed release. … Detailed patch versions, workarounds, and compensating controls in full report.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

EUVD-2026-41422 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy