CVE-2026-23522
📋 TL;DR
This vulnerability in LobeChat allows authenticated users to delete files from any knowledge base without ownership verification due to a commented-out user ID filter in the database query. Attackers can exploit this if they obtain target knowledge base and file IDs, potentially through information leaks. All users running vulnerable versions of LobeChat are affected.
💻 Affected Systems
- LobeChat
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious authenticated users could systematically delete all knowledge base files across the entire application, causing data loss and service disruption.
Likely Case
Targeted deletion of specific files from other users' knowledge bases when IDs are obtained through shared links or logs.
If Mitigated
Unauthorized file deletions are prevented through proper authorization checks.
🎯 Exploit Status
Exploitation requires authenticated access plus knowledge of target knowledge base ID and file ID, which are random but may leak through various channels.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.0-next.193
Vendor Advisory: https://github.com/lobehub/lobe-chat/security/advisories/GHSA-j7xp-4mg9-x28r
Restart Required: Yes
Instructions:
1. Back up your LobeChat instance.
2. Update to version 2.0.0-next.193 or later using your package manager.
3. Restart the LobeChat service.
4. Verify the fix is applied.
🔧 Temporary Workarounds
Restrict Access
Limit application access to trusted users only and monitor for suspicious deletion activity.
🧯 If You Can't Patch
- Implement application-level monitoring for file deletion events and alert on suspicious patterns.
- Restrict network access to the LobeChat instance to minimize exposure.
🔍 How to Verify
Check if Vulnerable:
Check if LobeChat version is below 2.0.0-next.193 by examining package.json or application version endpoint.
Check Version:
Check package.json for version or use application API if available.
Verify Fix Applied:
Confirm version is 2.0.0-next.193 or higher and test that authenticated users cannot delete files from knowledge bases they don't own.
📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion patterns, especially from knowledge bases not owned by the requesting user
Network Indicators:
- Multiple DELETE requests to knowledge base file endpoints from a single user
SIEM Query:
source="lobechat" action="delete" knowledge_base_id!=user_knowledge_base_id
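The ownership gap described in the TL;DR and the deleter-is-not-owner check from the Detection section, as an added TypeScript example that is not LobeChat's own code; every name and sample row below is constructed for illustration.

```typescript
// Added example, not LobeChat's own code: an in-memory model of the bug the
// advisory describes (a delete whose user-id predicate is commented out) next
// to the hardened query, plus a detector for the page's SIEM idea. All names
// and sample rows are constructed for illustration.
interface KnowledgeBase { id: string; userId: string }
interface KbFile { id: string; knowledgeBaseId: string }
interface DeleteEvent { userId: string; knowledgeBaseId: string; fileId: string }

// Constructed sample data: two users, each owning one knowledge base and file.
const sampleKbs: KnowledgeBase[] = [
  { id: "kb-alice", userId: "alice" },
  { id: "kb-bob", userId: "bob" },
];
const sampleFiles: KbFile[] = [
  { id: "f1", knowledgeBaseId: "kb-alice" },
  { id: "f2", knowledgeBaseId: "kb-bob" },
];

function ownerOf(kbs: KnowledgeBase[], kbId: string): string | undefined {
  return kbs.find((k) => k.id === kbId)?.userId;
}

// Vulnerable shape, equivalent to WHERE id = ? AND knowledge_base_id = ?:
// the ownership predicate survives only as a comment, so any authenticated
// caller who knows both IDs matches the row. Returns the remaining files.
function deleteFileVulnerable(files: KbFile[], _kbs: KnowledgeBase[],
                              _userId: string, kbId: string, fileId: string): KbFile[] {
  return files.filter((f) => !(f.id === fileId && f.knowledgeBaseId === kbId
    // && ownerOf(_kbs, f.knowledgeBaseId) === _userId
  ));
}

// Hardened shape: the caller's user id is part of the predicate, so a row in
// another user's knowledge base never matches and nothing is deleted.
function deleteFileFixed(files: KbFile[], kbs: KnowledgeBase[],
                         userId: string, kbId: string, fileId: string): KbFile[] {
  return files.filter((f) => !(f.id === fileId && f.knowledgeBaseId === kbId
    && ownerOf(kbs, f.knowledgeBaseId) === userId));
}

// Detection over delete events: flag any request whose user is not the owner
// of the knowledge base it targets (the page's knowledge_base_id != owner check).
function suspiciousDeletes(events: DeleteEvent[], kbs: KnowledgeBase[]): DeleteEvent[] {
  return events.filter((e) => ownerOf(kbs, e.knowledgeBaseId) !== e.userId);
}
```

The same predicate comparison applies to any per-user resource: the fix is to make the caller's identity part of the query itself rather than a check that can be commented out separately.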