CVE-2026-59098
LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search
- CVSS Score: 6.5
- EPSS Score: 0.0%
- EPSS Percentile: 0th
LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method. Attackers can supply arbitrary victim file or knowledge-base identifiers through the chunk retrieval and chat knowledge-base paths to retrieve text content, file names, and metadata belonging to other users.

| Field | Value |
| --- | --- |
| CWE | CWE-639 |
| Vendor | lobehub |
| Product | lobehub |
| Published | Jul 2, 2026 |
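The defect class the advisory describes (CWE-639, a lookup keyed only on a caller-supplied object id) is easiest to see as the query predicate itself. The following is an added illustration, not LobeChat's code: a toy in-memory chunk store with two search functions, one that filters only on the request's file and knowledge-base ids (the unscoped shape) and one that additionally requires the session user's id as a predicate. All names (`Chunk`, `semanticSearchUnscoped`, `semanticSearchScoped`, the sample users, files and embeddings) are hypothetical and constructed for the example.

```typescript
// Added example, not LobeChat's code. Hypothetical types and data.
interface Chunk {
  id: string;
  fileId: string;
  knowledgeBaseId: string | null;
  ownerUserId: string;     // the tenant/user that uploaded the source file
  fileName: string;
  text: string;
  embedding: number[];     // toy 3-dimensional embedding
}

// Constructed sample data: two users, each owning one file.
const CHUNKS: Chunk[] = [
  { id: "c1", fileId: "file-alice", knowledgeBaseId: "kb-alice", ownerUserId: "alice",
    fileName: "alice-notes.md", text: "Alice's private notes", embedding: [1, 0, 0] },
  { id: "c2", fileId: "file-bob", knowledgeBaseId: "kb-bob", ownerUserId: "bob",
    fileName: "bob-salary.pdf", text: "Bob's salary data", embedding: [0.9, 0.1, 0] },
];

function cosine(a: number[], b: number[]): number {
  let dot = 0, na = 0, nb = 0;
  for (let i = 0; i < a.length; i++) {
    dot += a[i] * b[i]; na += a[i] * a[i]; nb += b[i] * b[i];
  }
  return dot / (Math.sqrt(na) * Math.sqrt(nb));
}

// Rank candidates by similarity to the query vector and keep the top k.
function rank(candidates: Chunk[], query: number[], topK: number): Chunk[] {
  return [...candidates]
    .sort((x, y) => cosine(query, y.embedding) - cosine(query, x.embedding))
    .slice(0, topK);
}

// Selector shape used by both search variants: ids taken from the request.
interface Selector { fileIds?: string[]; knowledgeBaseIds?: string[] }

function matchesSelector(c: Chunk, sel: Selector): boolean {
  const byFile = sel.fileIds?.includes(c.fileId) ?? false;
  const byKb = c.knowledgeBaseId !== null && (sel.knowledgeBaseIds?.includes(c.knowledgeBaseId) ?? false);
  return byFile || byKb;
}

// Unscoped shape (the CWE-639 pattern): request-supplied ids are the ONLY predicate,
// so any authenticated caller who names another user's file or knowledge base
// gets that user's chunk text, file name and metadata back.
function semanticSearchUnscoped(query: number[], sel: Selector, topK = 5): Chunk[] {
  return rank(CHUNKS.filter(c => matchesSelector(c, sel)), query, topK);
}

// Scoped shape: the requesting user's id comes from the authenticated session,
// never from the request body, and is a mandatory predicate alongside the ids.
function semanticSearchScoped(sessionUserId: string, query: number[], sel: Selector, topK = 5): Chunk[] {
  return rank(
    CHUNKS.filter(c => c.ownerUserId === sessionUserId && matchesSelector(c, sel)),
    query, topK,
  );
}
```

In a real ORM-backed store the `ownerUserId` predicate belongs in the `WHERE` clause of the query itself rather than in a post-filter, so that the database never returns rows the user does not own; a useful regression test is exactly the one below, asserting that a search scoped to one user returns nothing for another user's file or knowledge-base ids.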
CVSS v3 Breakdown

Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

- Attack Vector: Network
- Attack Complexity: Low
- Privileges Required: Low
- User Interaction: None
- Scope: Unchanged
- Confidentiality: High
- Integrity: None
- Availability: None
Affected Versions
lobehub / lobehub: 0 ≤ version ≤ 2.2.9
References
- github.com: https://github.com/lobehub/lobehub/issues/16535
- github.com: https://github.com/lobehub/lobehub/pull/16594
- github.com: https://github.com/lobehub/lobehub/commit/4a7931a4e66832947dba11afdffae2918a56b6a0
- vulncheck.com: https://www.vulncheck.com/advisories/lobechat-cross-user-document-disclosure-via-unscoped-rag-semantic-search
Credits
George Chen