Lobehub Lobe Chat vulnerabilities

7 known vulnerabilities affecting lobehub/lobe_chat.

Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: CRITICAL 1, HIGH 2, MEDIUM 4

Vulnerabilities

CVE-2025-59426 | MEDIUM | CVSS 4.3 | fixed in 1.130.1 | 2025-09-25
CWE-601. Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.130.1, the project's OIDC redirect handling logic constructs the host and protocol of the final redirect URL based on the X-Forwarded-Host or Host headers and the X-Forwarded-Proto value. In deployments where a reverse proxy forwards client-supplied X-Forwarded-*
Source: nvd
CVE-2025-59417 | MEDIUM | CVSS 6.8 | fixed in 1.129.4 | 2025-09-18
CWE-79. Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a cross-site scripting (XSS) vulnerability when handling chat messages in lobe-chat that can be escalated to remote code execution on the user's machine. In lobe-chat, when the response from the server is like , it will be rendered with the lobeArti
Source: nvd
CVE-2024-32965 | HIGH | CVSS 8.6 | fixed in 1.19.13 | 2024-11-26
CWE-918. Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized SSRF vulnerability. An attacker can construct malicious requests to cause SSRF without logging in, attack intranet services, and leak sensitive information. The JWT token header X-Lobe-Chat-Auth stored proxy address and OpenAI API Key, can be m
Source: nvd
CVE-2024-47066 | HIGH | CVSS 8.8 | fixed in 1.19.3 | 2024-09-23
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.19.13, server-side request forgery protection implemented in `src/app/api/proxy/route.ts` does not consider redirect and could be bypassed when attacker provides an external malicious URL which redirects to internal resources like a private network or loopback address. Vers
Source: nvd
CVE-2024-37895 | MEDIUM | CVSS 5.7 | fixed in 0.162.25 | 2024-06-17
CWE-200. Lobe Chat is an open-source LLMs/AI chat framework. In affected versions, if an attacker can successfully authenticate through SSO/Access Code, they can obtain the real backend API Key by modifying the base URL to their own attack URL on the frontend and setting up a server-side request. This issue has been addressed in version 0.162.25. Users are ad
Source: nvd
CVE-2024-32964 | CRITICAL | CVSS 9.0 | PoC | fixed in 0.150.6 | 2024-05-14
CWE-918. Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. Prior to 0.150.6, lobe-chat had an unauthorized Server-Side Request Forgery vulnerability in the /api/proxy endpoint. An attacker can construct malicious requests to cause Server-Side Request Forgery without logging in, attack i
Source: nvd
CVE-2024-24566 | MEDIUM | CVSS 5.3 | fixed in 0.122.4 | 2024-01-31
CWE-284. Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and extensible Function Call plugin system. When the application is password-protected (deployed with the `ACCESS_CODE` option), it is possible to access plugins without proper authorization (without password). This vulnerability is patched in 0.122.4.
Source: nvd
Lobehub Lobe Chat vulnerabilities | cvebase