Vulnerability in Lobehub Lobe-chat

CVE-2026-23835

LobeHub is an open source human-and-AI-agent network. Prior to version 1.143.3, the file upload feature in `Knowledge Base > File Upload` does not validate the integrity of the upload request, allowing users to intercept and modify the req…

EPSS: 0.000 (13.1th percentile) — read the EPSS interpretation.

Affected products

Lobehub Lobe-chat — versions < 1.143.3

Weakness classification (CWE)

CWE-73 — External Control of File Name or Path

References

https://github.com/lobehub/lobehub/security/advisories/GHSA-wrrr-8jcv-wjf5 (x_refsource_CONFIRM)