Severity by source
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Network-reachable BOLA requiring group ID enumeration (AC:H); authenticated low-privilege session (PR:L); limited read, write, and disruptive impact on user data only with no scope change (C:L/I:L/A:L, S:U).
Primary rating from Vendor (VulnCheck).
CVSS VectorVendor: VulnCheck
CVSS:4.0/AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
Lifecycle Timeline
3DescriptionCVE.org
LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup operations without user-scoped predicates to read agent listings, modify agent roles and ordering, and remove agents from chat groups belonging to other users.
AnalysisAI
Broken object level authorization in LobeChat through version 2.2.9 permits authenticated users to read and manipulate chat-group agent data belonging to other users by supplying arbitrary group identifiers to unguarded API operations. The getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup endpoints accept caller-controlled group IDs without validating ownership, enabling cross-user data access and modification. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires a valid authenticated session in the LobeChat instance - at minimum a standard user account (CVSS PR:L). … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The CVSS 4.0 score of 2.3 with vector AV:N/AC:H/AT:N/PR:L/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N places this firmly in the low-severity tier, and the signal convergence across available data supports that classification. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An authenticated LobeChat user with a standard account leverages the publicly available proof-of-concept from GitHub issue #16537 to enumerate or brute-force group identifiers belonging to other users on the same instance, then invokes getGroupAgents to harvest the victim's agent configuration. The attacker subsequently calls updateAgentInGroup or removeAgentsFromGroup with the victim's group ID to silently tamper with or disrupt the victim's chat-group agent setup. … |
| Remediation | An upstream fix has been committed to the LobeHub repository via commit 9ed5a7e20d8a67c431265f5a252e9559d9920907 (https://github.com/lobehub/lobehub/commit/9ed5a7e20d8a67c431265f5a252e9559d9920907) and merged through pull request #16586 (https://github.com/lobehub/lobehub/pull/16586); however, a specific tagged release version incorporating this fix is not independently confirmed from available data - operators should monitor the LobeHub release page for a version beyond 2.2.9 that includes this commit. … Detailed patch versions, workarounds, and compensating controls in full report. |
Threat intelligence, references, and detailed analysis are available after sign-in.
Server-side request forgery in LobeChat before 2.2.10-canary.18 lets authenticated users coerce the server into issuing
Denial of service in LobeChat before 2.2.10-canary.15 lets an authenticated user hang the entire Node.js server by impor
Cross-user data disclosure in LobeChat through version 2.2.9 allows any authenticated user to read other users' document
Broken object-level authorization in LobeChat server-database deployments through version 2.2.9 enables any authenticate
Same technique Authentication Bypass
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-41431
GHSA-hgpq-q5hf-7r77