CVE-2026-59098
Severity: Medium (CVSS 6.5)
Exploitation Probability (EPSS): Low risk, 15th percentile (higher than 15% of all known CVEs)
Summary
LobeChat up to version 2.2.9 contains a broken access control vulnerability in the RAG semantic search functionality. Authenticated attackers can access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method.
Risk Assessment
The risk involves potential theft of sensitive data, including file contents, file names, and metadata of other users, leading to privacy breaches and information leakage.
Recommendation
Immediately update LobeChat to a version later than 2.2.9 that includes the fix for this access control flaw. Until the update is applied, restrict access to the semantic search functionality.
Original NVD description (English source)
LobeChat through 2.2.9 contains a broken access control vulnerability in the retrieval-augmented-generation semantic search functionality that allows authenticated attackers to access other users' data by exploiting missing user-identifier predicates in the chunk model semanticSearch method. Attackers can supply arbitrary victim file or knowledge-base identifiers through the chunk retrieval and chat knowledge-base paths to retrieve text content, file names, and metadata belonging to other users.
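As an added illustration (hypothetical TypeScript, not LobeChat's own code), the query pattern the description refers to: a chunk search whose only predicate is the caller-supplied file identifier returns other users' chunks, while the corrected search also binds the authenticated user's identifier. The in-memory store, the cosine ranking, and the function names `semanticSearchVulnerable` / `semanticSearchFixed` are assumptions made for this example.

```typescript
// Hypothetical RAG chunk store used to show the CVE-2026-59098 bug class (not LobeChat code).
interface Chunk {
  id: string; fileId: string; userId: string; fileName: string; text: string; embedding: number[];
}

// Constructed sample data: two users, each owning one file with one indexed chunk.
const CHUNKS: Chunk[] = [
  { id: "c1", fileId: "file-alice", userId: "alice", fileName: "alice-notes.md", text: "alice private notes", embedding: [1, 0] },
  { id: "c2", fileId: "file-bob",   userId: "bob",   fileName: "bob-plan.md",    text: "bob roadmap",        embedding: [0, 1] },
];

// Cosine similarity between a query embedding and a stored chunk embedding.
function cosine(a: number[], b: number[]): number {
  let dot = 0, na = 0, nb = 0;
  for (let i = 0; i < a.length; i++) { dot += a[i] * b[i]; na += a[i] * a[i]; nb += b[i] * b[i]; }
  return na && nb ? dot / Math.sqrt(na * nb) : 0;
}

// Rank candidate chunks by similarity and keep the top K.
function rank(query: number[], candidates: Chunk[], topK = 5): Chunk[] {
  return candidates
    .map(c => ({ c, s: cosine(query, c.embedding) }))
    .sort((x, y) => y.s - x.s)
    .slice(0, topK)
    .map(x => x.c);
}

// Vulnerable shape: the WHERE clause is only the caller-supplied fileIds. Whoever owns
// those files is never checked, so a file id belonging to another user is honoured.
function semanticSearchVulnerable(query: number[], fileIds: string[]): Chunk[] {
  return rank(query, CHUNKS.filter(c => fileIds.includes(c.fileId)));
}

// Fixed shape: the authenticated user's id is part of every predicate set, so file ids
// the caller does not own simply match nothing (no data, no file names, no metadata).
function semanticSearchFixed(query: number[], userId: string, fileIds: string[]): Chunk[] {
  return rank(query, CHUNKS.filter(c => c.userId === userId && fileIds.includes(c.fileId)));
}

// Defender-side check: run the same search as a non-owner and confirm it returns nothing.
function ownershipEnforced(): boolean {
  return semanticSearchFixed([0, 1], "alice", ["file-bob"]).length === 0
      && semanticSearchFixed([0, 1], "bob", ["file-bob"]).length === 1;
}
```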