Description
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, the `knowledgeBase.removeFilesFromKnowledgeBase` tRPC endpoint allows authenticated users to delete files from any knowledge base without verifying ownership. The `userId` filter in the database query is commented out, enabling attackers to delete other users' knowledge base files if they know the knowledge base ID and file ID. While the vulnerability is confirmed, practical exploitation requires knowing the target's knowledge base ID and file ID. These IDs are random and not easily enumerable. However, IDs may leak through shared links, logs, referrer headers and so on. The missing authorization check is a critical security flaw regardless. Users should upgrade to version 2.0.0-next.193 to receive a patch.
Published: 2026-01-19
Score: 3.7 Low
EPSS: < 1% Very Low
KEV: No
Impact: Unauthorized deletion of knowledge base files
Action: Patch Now
AI Analysis

Impact

The vulnerability exists in LobeChat’s Knowledge Base file removal endpoint, which is a tRPC method that lets authenticated users delete files from knowledge bases. The backend query lacks an ownership check because the user‑ID filter is commented out. Without this check, an attacker can delete any file in any knowledge base as long as they supply a valid knowledge‑base ID and file ID. The data loss is not limited to a single user; the attacker can wipe or modify other users’ knowledge base contents, impacting confidentiality and integrity of user data. The vulnerability is classified under CWE-284 (Improper Access Control), CWE-639 (Authorization Bypass Through User-Controlled Key), CWE-862 (Missing Authorization in Resource Access Control), and CWE-915 (Privilege Existence Error), underscoring that it is an access‑control flaw that permits unauthorised deletion.

Affected Systems

The issue affects LobeChat versions prior to 2.0.0‑next.193, as supplied by the vendor lobehub. Users running any earlier release of this open‑source chat application platform are at risk because the IDOR exists in the knowledge base file removal endpoint.

Risk and Exploitability

The CVSS score is 3.7, indicating moderate severity, while the EPSS score is less than 1%, meaning current exploitation probability is very low. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Practically, exploitation requires knowledge of the target knowledge‑base ID and file ID. These IDs are randomly generated and not easily enumerated, but may leak through shared links, logs, or referrer headers. Even with low likelihood, the missing authorization check makes this a critical security flaw because it allows any authenticated user to delete another user’s files if the identifiers are known.

Generated by OpenCVE AI on April 18, 2026 at 05:10 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LobeChat to version 2.0.0‑next.193 or later, which restores ownership validation during file deletion.
  • Audit the removal endpoint in your deployment to ensure that the user‑ID filter is active and that the database query verifies the requester owns the knowledge base and file.
  • Review logs and shared links for inadvertent exposure of knowledge‑base IDs or file IDs, and rotate or obfuscate identifiers if they are being exposed.
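As an added illustration (not LobeChat's own code; the row shape and function names are hypothetical stand-ins for the tRPC mutation and its table), here is the query shape behind the flaw described under Impact, beside the ownership-scoped form the audit step above should find: the vulnerable removal filters only by knowledge base ID and file ID, while the hardened one also constrains the delete to rows owned by the requesting user.

```typescript
// Added example, not LobeChat's code. KnowledgeBaseFile, removeFilesVulnerable
// and removeFilesScoped are hypothetical stand-ins for the join-table row and
// the tRPC mutation that deletes from it.
export interface KnowledgeBaseFile {
  userId: string;          // owner of the knowledge base row
  knowledgeBaseId: string;
  fileId: string;
}

export interface RemoveResult {
  rows: KnowledgeBaseFile[]; // rows remaining after the delete
  deleted: number;           // rows the delete matched
}

// Constructed sample data: two users, each with their own knowledge base.
export function sampleStore(): KnowledgeBaseFile[] {
  return [
    { userId: 'alice', knowledgeBaseId: 'kb_a1', fileId: 'file_a1' },
    { userId: 'alice', knowledgeBaseId: 'kb_a1', fileId: 'file_a2' },
    { userId: 'bob', knowledgeBaseId: 'kb_b1', fileId: 'file_b1' },
  ];
}

function applyDelete(store: KnowledgeBaseFile[], matches: (r: KnowledgeBaseFile) => boolean): RemoveResult {
  const rows = store.filter((r) => !matches(r));
  return { rows, deleted: store.length - rows.length };
}

// Vulnerable shape: the authenticated caller's userId is available but never
// reaches the predicate, so any valid knowledgeBaseId/fileId pair is deleted
// no matter who owns it (the "commented-out userId filter").
export function removeFilesVulnerable(
  store: KnowledgeBaseFile[], _userId: string, knowledgeBaseId: string, fileIds: string[],
): RemoveResult {
  return applyDelete(store, (r) => r.knowledgeBaseId === knowledgeBaseId && fileIds.includes(r.fileId));
}

// Hardened shape: the delete is scoped to rows the requester owns. A foreign
// pair matches nothing, so the result is zero rows deleted rather than a
// cross-user deletion, and the endpoint can treat deleted === 0 as not found.
export function removeFilesScoped(
  store: KnowledgeBaseFile[], userId: string, knowledgeBaseId: string, fileIds: string[],
): RemoveResult {
  return applyDelete(
    store,
    (r) => r.userId === userId && r.knowledgeBaseId === knowledgeBaseId && fileIds.includes(r.fileId),
  );
}

// Audit helper: rows still owned by a given user.
export function countRowsFor(store: KnowledgeBaseFile[], userId: string): number {
  return store.filter((r) => r.userId === userId).length;
}
```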


Tracking


Advisories
Source: GitHub GHSA
ID: GHSA-j7xp-4mg9-x28r
Title: Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
History

Tue, 20 Jan 2026 22:15:00 +0000

Type: Metrics
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 20 Jan 2026 08:45:00 +0000

Type: First Time appeared
Values Added: Lobehub; Lobehub lobe Chat
Type: Vendors & Products
Values Added: Lobehub; Lobehub lobe Chat

Mon, 19 Jan 2026 17:00:00 +0000

Values Added:
Description: LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, `knowledgeBase.removeFilesFromKnowledgeBase` tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. `userId` filter in the database query is commented out, so it's enabling attackers to delete other users' KB files if they know the knowledge base ID and file ID. While the vulnerability is confirmed, practical exploitation requires knowing target's KB ID and target's file ID. These IDs are random and not easily enumerable. However, IDs may leak through shared links, logs, referrer headers and so on. Missing authorization check is a critical security flaw regardless. Users should upgrade to version 2.0.0-next.193 to receive a patch.
Title: Lobe Chat has IDOR in Knowledge Base File Removal that Allows Cross User File Deletion
Weaknesses: CWE-284, CWE-639, CWE-862, CWE-915
References:
Metrics: cvssV3_1 {'score': 3.7, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N'}


Subscriptions

Lobehub Lobe Chat
MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-01-20T21:35:39.441Z

Reserved: 2026-01-13T18:22:43.980Z

Link: CVE-2026-23522

Vulnrichment

Updated: 2026-01-20T21:35:36.908Z

NVD

Status : Deferred

Published: 2026-01-19T17:15:50.590

Modified: 2026-04-15T00:35:42.020

Link: CVE-2026-23522

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T05:15:15Z