๐Ÿ” CVE Alert

CVE-2026-59095

HIGH 7.7

LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl

CVSS Score: 7.7
EPSS Score: 0.0%
EPSS Percentile: 0th

LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints, which use the global fetch without the project's ssrf-safe-fetch wrapper. Attackers can target internal addresses such as cloud instance metadata endpoints through these unprotected code paths to disclose internal service responses and cloud credentials.
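The mitigation the description points at, as an added example that is not LobeChat's ssrf-safe-fetch wrapper or any code from the project: a static guard that a server-side fetch such as the importFromUrl and fetchImageFromUrl paths would run before sending a request, plus a drop-in `safeFetch` around the global fetch. It checks only literal addresses and obvious hostnames; DNS resolution and rebinding defence are left to the caller, as the comments note.

```javascript
// Added example (not LobeChat code): SSRF guard for server-side fetch of a
// user-supplied URL. Assumes Node 18+ (WHATWG URL and global fetch).

// IPv4 ranges a server-side fetch must never reach on a user's behalf:
// RFC 1918 private, loopback, link-local (cloud metadata sits at
// 169.254.169.254), "this network", and carrier-grade NAT.
const BLOCKED_V4 = [
  ["10.0.0.0", 8], ["172.16.0.0", 12], ["192.168.0.0", 16], ["127.0.0.0", 8],
  ["169.254.0.0", 16], ["0.0.0.0", 8], ["100.64.0.0", 10],
];

const v4ToInt = (ip) => ip.split(".").reduce((n, o) => (n << 8) + Number(o), 0) >>> 0;

function inRange(ip, [base, bits]) {
  const mask = (0xffffffff << (32 - bits)) >>> 0;
  return (v4ToInt(ip) & mask) === (v4ToInt(base) & mask);
}

// Returns null if the URL may be fetched, otherwise the reason it is refused.
// Parsing with URL first normalises forms like "http://2130706433/" to
// "127.0.0.1", so the range check sees the real target.
function ssrfRejectReason(input) {
  let url;
  try { url = new URL(String(input)); } catch { return "unparseable URL"; }
  if (url.protocol !== "http:" && url.protocol !== "https:") return "non-HTTP scheme";
  const raw = url.hostname.toLowerCase();
  const host = raw.replace(/^\[|\]$/g, "");
  if (host === "localhost" || host.endsWith(".localhost")) return "localhost";
  if (/^\d{1,3}(\.\d{1,3}){3}$/.test(host)) {
    return BLOCKED_V4.some((r) => inRange(host, r)) ? `blocked address ${host}` : null;
  }
  if (raw.startsWith("[")) {
    // IPv6 literal: refuse loopback, unspecified, link-local, ULA and v4-mapped.
    if (/^(::1$|::$|fe[89ab][0-9a-f]:|f[cd][0-9a-f]{2}:|::ffff:)/.test(host)) {
      return `blocked address ${host}`;
    }
    return null;
  }
  // Hostnames pass this static check; a production wrapper must also resolve
  // DNS and re-check the resolved address to defeat rebinding (not shown here).
  return null;
}

// Drop-in replacement for a bare fetch(url): refuses unsafe targets up front
// and disables automatic redirects so a public host cannot bounce the request
// to an internal one. fetchImpl is injectable for testing.
function safeFetch(input, init = {}, fetchImpl = fetch) {
  const why = ssrfRejectReason(input);
  if (why) return Promise.reject(new Error(`SSRF guard refused ${input}: ${why}`));
  return fetchImpl(String(input), { ...init, redirect: "manual" });
}
```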

CWE: CWE-918
Vendor: lobehub
Product: lobehub
Published: Jul 2, 2026

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: None
Availability: None

Affected Versions

lobehub / lobehub: all versions from 0 up to (but not including) 2.2.10-canary.18

References

- github.com: https://github.com/lobehub/lobehub/issues/16536
- github.com: https://github.com/lobehub/lobehub/pull/16601
- vulncheck.com: https://www.vulncheck.com/advisories/lobechat-canary-18-ssrf-via-importfromurl-and-fetchimagefromurl

Credits

George Chen