CVE-2024-24566
published 2024-01-31


Priority: P4 · 28 · medium
CVSS 3.1: 5.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
EPSS: 0.48% (37.9th percentile)

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| lobehub | chat | >= 0 < 0.122.4 | 0.122.4 |
| lobehub | lobe-chat | < 0.122.4 | 0.122.4 |
| lobehub | lobe_chat | < 0.122.4 | 0.122.4 |