CVE-2026-23522
Unknown Unknown - Not Provided
Authorization Bypass in LobeChat Allows Unauthorized Knowledge Base File Deletion

Publication date: 2026-01-19

Last updated on: 2026-01-19

Assigner: GitHub, Inc.

Description
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, `knowledgeBase.removeFilesFromKnowledgeBase` tRPC ep allows authenticated users to delete files from any knowledge base without verifying ownership. `userId` filter in the database query is commented out, so it's enabling attackers to delete other users' KB files if they know the knowledge base ID and file ID. While the vulnerability is confirmed, practical exploitation requires knowing target's KB ID and target's file ID. These IDs are random and not easily enumerable. However, IDs may leak through shared links, logs, referrer headers and so on. Missing authorization check is a critical security flaw regardless. Users should upgrade to version 2.0.0-next.193 to receive a patch.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-19
Last Modified
2026-01-19
Generated
2026-06-16
AI Q&A
2026-01-19
EPSS Evaluated
2026-06-15
NVD
CVE-2026-23522
EUVD
EUVD-2026-3318
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
lobehub lobe_chat to 2.0.0-next.193 (exc)
lobehub chat to 2.0.0-next.192 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
CWE-915 The product receives input from an upstream component that specifies multiple attributes, properties, or fields that are to be initialized or updated in an object, but it does not properly control which attributes can be modified.
CWE-639 The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
CWE-284 The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-23522 is an Insecure Direct Object Reference (IDOR) vulnerability in the LobeChat open source chat application, specifically in the tRPC endpoint knowledgeBase.removeFilesFromKnowledgeBase. Before version 2.0.0-next.193, authenticated users could delete files from any knowledge base without verifying ownership because the userId filter in the database query was commented out. This means attackers who know a target knowledge base ID and file ID can delete files belonging to other users. Although these IDs are random and not easily enumerable, they may leak through shared links, logs, or referrer headers. The vulnerability allows unauthorized deletion of files, which is a critical security flaw. [1]

Impact Analysis

This vulnerability can lead to unauthorized deletion of files from any user's knowledge base, potentially disrupting functionalities such as Retrieval-Augmented Generation (RAG) or AI features that rely on those files. It can cause loss of important or proprietary data. While exploitation requires knowledge of specific knowledge base and file IDs, these may be leaked, making the attack feasible. The impact is primarily on data integrity due to unauthorized file deletion. [1]

Compliance Impact

The provided resources do not specify how this vulnerability affects compliance with common standards and regulations such as GDPR or HIPAA.

Detection Guidance

This vulnerability can be detected by monitoring for unauthorized or suspicious POST requests to the tRPC endpoint knowledgeBase.removeFilesFromKnowledgeBase that specify knowledge base IDs and file IDs not owned by the authenticated user. A proof-of-concept involves sending a POST request with an authenticated session token and victim's KB and file IDs, resulting in deletion. Network monitoring tools or logs can be inspected for such requests. Specific commands are not provided in the resources, but inspecting HTTP POST requests to the vulnerable endpoint and verifying ownership checks in the backend can help detect exploitation attempts. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade LobeChat to version 2.0.0-next.193 or later, where the vulnerability is patched by adding proper userId authorization checks in the removeFilesFromKnowledgeBase method to ensure only owners can delete files. Additionally, verifying that file size validation is done against actual S3 metadata rather than client input helps prevent related security issues. Until the upgrade, restrict access to the vulnerable endpoint and monitor for suspicious deletion requests. [1, 2]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23522. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart