Description
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the default method, HTMLRenderer, for HTML rendering. If an attacker can induce the LLM to output content containing malicious tags, an XSS vulnerability can be created on the client side. Additionally, Lobechat's Electron main process exposes an IPC interface called runCommand, used to invoke system commands. This interface allows arbitrary command execution and does not filter the command parameter. Therefore, if an attacker can obtain a handle to window.parent.electronAPI via XSS and call the runCommand method of the IPC, the ipcMain process can execute arbitrary system commands with the current user's privileges. This vulnerability is fixed in 2.1.48.
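The description names two weak points: a renderer that falls back to raw HTML when a tag type is unmatched, and an IPC command bridge that accepts any string. The TypeScript below is an added illustration of those patterns and their hardened counterparts; it is not LobeHub's code, and the renderer names, the `renderSafe`/`renderWithHtmlFallback` functions and the command allowlist are hypothetical.

```typescript
// Added illustration of the fallback pattern described above; not LobeHub's code.
// Tag names, renderer names and the allowlist are hypothetical.

type Renderer = (body: string) => string;

export function escapeHtml(s: string): string {
  return s
    .replace(/&/g, "&amp;")
    .replace(/</g, "&lt;")
    .replace(/>/g, "&gt;")
    .replace(/"/g, "&quot;")
    .replace(/'/g, "&#39;");
}

// Known artifact types map to dedicated renderers (stand-ins here).
const renderers: Record<string, Renderer> = {
  code: (body) => `<pre>${escapeHtml(body)}</pre>`,
  mermaid: (body) => `<div class="diagram">${escapeHtml(body)}</div>`,
};

// Vulnerable shape: an unmatched type falls through to raw HTML rendering,
// so model-generated markup reaches the DOM unescaped.
export function renderWithHtmlFallback(type: string, body: string): string {
  const r = renderers[type];
  return r ? r(body) : body; // "HTMLRenderer" stand-in: body returned as-is
}

// Hardened shape: only own, known types dispatch (so "constructor" or
// "__proto__" cannot reach Object.prototype); anything else is rendered as
// escaped text, never interpreted as HTML.
export function renderSafe(type: string, body: string): string {
  const r = Object.prototype.hasOwnProperty.call(renderers, type)
    ? renderers[type]
    : undefined;
  return r ? r(body) : `<pre>${escapeHtml(body)}</pre>`;
}

// IPC side: a command bridge exposed to the renderer should accept only
// allowlisted, argument-free actions rather than an arbitrary command string.
const ALLOWED_COMMANDS = new Set(["open-settings", "reveal-logs"]); // hypothetical
export function isAllowedCommand(cmd: string): boolean {
  return ALLOWED_COMMANDS.has(cmd);
}
```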
Published: 2026-05-12
Score: 6.2 Medium
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

LobeHub's content renderer falls back to an HTML renderer when a custom tag type is not matched, so malicious tags can be injected through that unmatched-type fallback path. An attacker can cause the large language model component to output content containing such tags, delivering a client-side XSS payload. From that XSS context the attacker can reach the exposed Electron IPC gateway, runCommand, which accepts an unrestricted command string and executes it under the current user's privileges. The combination of the XSS vector with the unfiltered command interface provides a direct path to arbitrary system command execution.

Affected Systems

All releases of LobeHub before version 2.1.48 are susceptible. The vulnerability is mitigated in 2.1.48 and later. Coordination with the vendor is required to confirm the exact build and update chain for affected installations.

Risk and Exploitability

The CVSS score of 6.2 indicates medium severity, but the presence of a local IPC command interface and the possibility for an attacker to coerce a user's browser into executing XSS raises the risk above that of a typical XSS. With no EPSS data available, the likelihood can only be inferred; because the exploit chain requires user interaction to trigger the XSS, the attack depends on that interaction (consistent with UI:R in the published CVSS vector). The issue is not listed in the CISA KEV catalog, which suggests no known widespread exploitation yet, but the potential for local privilege escalation remains high.

Generated by OpenCVE AI on May 12, 2026 at 20:16 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade LobeHub to version 2.1.48 or later, which removes the vulnerable custom‑tag fallback and sanitizes IPC command input.
  • If an upgrade cannot be performed immediately, isolate the Electron main process from the renderer by disabling the electronAPI exposed on window.parent or by enforcing a strict Content Security Policy that blocks access to the runCommand IPC interface.
  • Implement server‑side sanitization of all LLM‑generated output, ensuring that only safe, whitelisted tags are rendered.



Advisories
Source: GitHub GHSA
ID: GHSA-xq4x-622m-q8fq
Title: LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution
History

Tue, 12 May 2026 22:00:00 +0000

Type: First Time appeared
Values Removed: (none)
Values Added: Lobehub; Lobehub lobehub

Type: Vendors & Products
Values Removed: (none)
Values Added: Lobehub; Lobehub lobehub

Tue, 12 May 2026 19:15:00 +0000

Type: Metrics
Values Removed: (none)
Values Added: ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 12 May 2026 17:30:00 +0000

Type: Description
Values Added: (identical to the Description section at the top of this page)

Type: Title
Values Added: LobeHub: Cross-Site Scripting (XSS) escalate to Remote Code Execution (RCE)

Type: Weaknesses
Values Added: CWE-79

Type: References
Values Added: (none listed)

Type: Metrics
Values Added: cvssV3_1

{'score': 6.2, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2026-05-12T19:03:36.652Z

Reserved: 2026-04-23T16:05:01.709Z

Link: CVE-2026-42045

Vulnrichment

Updated: 2026-05-12T19:03:24.634Z

NVD

Status: Received

Published: 2026-05-12T18:17:23.637

Modified: 2026-05-12T20:16:40.907

Link: CVE-2026-42045

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T21:45:05Z

Weaknesses