CVE-2026-23522 | lobehub lobe-chat up to 2.0.0-next.193 knowledgeBase.removeFilesFromKnowledgeBase access control (GHSA-j7xp-4mg9-x28r)

Inserito da Angelo Barbosa | Gen 19, 2026 | CVE

A vulnerability classified as critical was found in lobehub lobe-chat up to 2.0.0-next.193. This issue affects the function knowledgeBase.removeFilesFromKnowledgeBase. The manipulation results in improper access controls.

This vulnerability is identified as CVE-2026-23522. The attack can be executed remotely. There is not any exploit available.

Upgrading the affected component is advised.

CVE-2026-23522 | lobehub lobe-chat up to 2.0.0-next.193 knowledgeBase.removeFilesFromKnowledgeBase access control (GHSA-j7xp-4mg9-x28r)

Post correlati

CVE-2024-7355 | Organization Chart Plugin up to 1.5.0 on WordPress title_input/node_description cross site scripting

CVE-2025-0603 | Callvision Emergency Code up to 2.x sql injection

CVE-2024-38963 | Nopcommerce 4.70.1 cross site scripting (Issue 7224)

CVE-2024-0535 | Tenda PA6 1.0.1.21 httpd /portmap cgiPortMapAdd groupName stack-based overflow