CVE-2026-23522 | lobehub lobe-chat up to 2.0.0-next.193 knowledgeBase.removeFilesFromKnowledgeBase access control (GHSA-j7xp-4mg9-x28r)

Inserito da Angelo Barbosa | Gen 19, 2026 | CVE

A vulnerability classified as critical was found in lobehub lobe-chat up to 2.0.0-next.193. This issue affects the function knowledgeBase.removeFilesFromKnowledgeBase. The manipulation results in improper access controls.

This vulnerability is identified as CVE-2026-23522. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-23522 | lobehub lobe-chat up to 2.0.0-next.193 knowledgeBase.removeFilesFromKnowledgeBase access control (GHSA-j7xp-4mg9-x28r)

Post correlati

CVE-2024-43908 | Linux Kernel up to 6.10.4 AMD GPU ras_manager null pointer dereference

CVE-2025-37094 | HPE StoreOnce Software up to 4.3.10 path traversal

CVE-2024-10818 | JSFiddle Shortcode Plugin up to 1.1.2 on WordPress cross site scripting

CVE-2024-6000 | FooEvents for WooCommerce Plugin up to 1.19.20 on WordPress unrestricted upload