CVE-2026-59100

Broken Object Level Authorization in LobeChat

Vulnerability report for CVE-2026-59100, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-07-02

Last updated on: 2026-07-02

Assigner: VulnCheck

Description

LobeChat through 2.2.9 contains a broken object level authorization vulnerability that allows authenticated attackers to access and modify other users' chat-group agent data by supplying arbitrary group identifiers. Attackers can invoke the getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup operations without user-scoped predicates to read agent listings, modify agent roles and ordering, and remove agents from chat groups belonging to other users.

Meta Information

Generated: 2026-07-03
AI Q&A: 2026-07-02
EPSS Evaluated: N/A

Affected Vendors & Products

Currently, no data is known.

Exploitability

CWE-639: The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Executive Summary

CVE-2026-59100 is an Insecure Direct Object Reference (IDOR) vulnerability in LobeChat version 2.2.9 and earlier. It occurs because certain operations related to chat-group agents lack proper user-based authorization checks. Specifically, authenticated attackers can supply arbitrary group identifiers to access and modify chat-group agent data belonging to other users.

The vulnerable functions (getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup) query the chat_groups_agents junction table without verifying that the requesting user owns the group. This allows attackers to read agent listings, change agent roles and ordering, and remove agents from other users' chat groups.

The root cause is unscoped queries that do not include user ownership predicates, enabling cross-user data access and modification.

Impact Analysis

For an affected deployment, any authenticated user can read the agent configuration of other users' chat groups, change agent roles and ordering in those groups, or remove agents from them, without the owner's knowledge or consent.

Such unauthorized access and modification compromises the confidentiality, integrity, and availability of chat-group data:

  • Unauthorized reading of group-agent membership data.
  • Tampering with group-agent configurations such as roles and ordering.
  • Destructive removal of agents from chat groups belonging to other users.

Detection Guidance

This vulnerability involves unauthorized access to chat-group agent data by exploiting unscoped queries in the getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup operations. Detection involves monitoring for unusual or unauthorized API calls that supply arbitrary group identifiers to these operations.

You can detect attempts to exploit this vulnerability by auditing logs for calls to these functions with group IDs that do not belong to the authenticated user.

Suggested commands or methods include:

  • Review application logs or API gateway logs for requests to getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup endpoints with group IDs that do not match the authenticated user's groups.
  • Use database queries to check for any modifications or removals of agents in chat groups where the acting user is not the owner.
  • If you have access to the backend, run queries to verify that operations on the chat_groups_agents junction table are properly scoped by userId. For example, check for any entries modified without corresponding user ownership.

Specific command examples depend on your logging and monitoring setup, but a sample SQL query to detect unauthorized modifications might be:

  • SELECT * FROM chat_groups_agents WHERE groupId = '<arbitrary_group_id>' AND userId != '<authenticated_user_id>';

Additionally, monitoring for anomalous API usage patterns or unexpected changes in group-agent configurations can help detect exploitation attempts.
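The log review described above, as an added example that is not from this page or the LobeChat project: constructed JSON-lines audit events are checked against a group-ownership map, calls to the three affected operations on groups the caller does not own are flagged, and the number of distinct foreign groups each caller touched is counted. The log format, field names and ownership map are assumptions; adapt them to your own schema.

```typescript
// Added example, not LobeChat's or the page's own code: flag audit-log calls to the
// affected operations whose group id belongs to another user, then count distinct
// foreign groups per caller. Log format, field names and ownership map are assumed.
type AuditEvent = { ts: string; userId: string; op: string; groupId: string };
type Finding = AuditEvent & { owner: string };
const AFFECTED_OPS = ["getGroupAgents", "updateAgentInGroup", "removeAgentsFromGroup"];

// Constructed ownership map (chat_groups.id -> chat_groups.userId).
const groupOwner: Record<string, string> = { g1: "alice", g2: "bob", g3: "bob" };

// Constructed JSON-lines audit log: alice reads her own group, walks bob's, then
// guesses an id that does not exist; bob only touches his own group.
const sampleLog = [
  '{"ts":"2026-07-02T10:00:00Z","userId":"alice","op":"getGroupAgents","groupId":"g1"}',
  '{"ts":"2026-07-02T10:00:05Z","userId":"alice","op":"getGroupAgents","groupId":"g2"}',
  '{"ts":"2026-07-02T10:00:07Z","userId":"alice","op":"updateAgentInGroup","groupId":"g2"}',
  '{"ts":"2026-07-02T10:00:09Z","userId":"alice","op":"removeAgentsFromGroup","groupId":"g3"}',
  '{"ts":"2026-07-02T10:00:11Z","userId":"alice","op":"getGroupAgents","groupId":"g7"}',
  '{"ts":"2026-07-02T10:01:00Z","userId":"bob","op":"getGroupAgents","groupId":"g2"}',
  '{"ts":"2026-07-02T10:01:30Z","userId":"bob","op":"createSession","groupId":"g9"}',
  "not json at all",
].join("\n");

// Parse one event per line; malformed lines are skipped rather than aborting the sweep.
function parseAuditLog(text: string): AuditEvent[] {
  const events: AuditEvent[] = [];
  for (const line of text.split("\n")) {
    try {
      const e = JSON.parse(line);
      if (typeof e.userId === "string" && typeof e.op === "string" && typeof e.groupId === "string") events.push(e);
    } catch { /* not JSON */ }
  }
  return events;
}

// A call is cross-user when the op is affected and the group's owner is not the caller.
// Unknown group ids are reported too: that is what a blind id guess looks like in the log.
function findCrossUserCalls(events: AuditEvent[], owners: Record<string, string>): Finding[] {
  return events
    .filter((e) => AFFECTED_OPS.includes(e.op) && owners[e.groupId] !== e.userId)
    .map((e) => ({ ...e, owner: owners[e.groupId] || "<unknown group>" }));
}

// Distinct foreign groups per caller: a rising count from one account is the enumeration signal.
function foreignGroupsPerUser(findings: Finding[]): Record<string, number> {
  const seen: Record<string, string[]> = {};
  for (const f of findings) {
    const groups = seen[f.userId] || (seen[f.userId] = []);
    if (!groups.includes(f.groupId)) groups.push(f.groupId);
  }
  const counts: Record<string, number> = {};
  for (const u of Object.keys(seen)) counts[u] = seen[u].length;
  return counts;
}
```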

Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable operations and applying patches that enforce user-based scoping on chat-group agent operations.

  • Update LobeChat to a version that includes the fix, which scopes the getGroupAgents, updateAgentInGroup, and removeAgentsFromGroup operations by user ownership, as described in the patch that adds the groupAgentOwnership predicate.
  • If an immediate update is not possible, implement temporary access controls that prevent authenticated users from invoking these operations with arbitrary group IDs.
  • Audit and monitor usage of these operations to detect and respond to unauthorized access attempts.

The fix involves modifying the backend to ensure that queries on the chat_groups_agents junction table include userId and workspaceId predicates to enforce ownership checks, preventing attackers from accessing or modifying other users' group agents.
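As an added illustration that is not LobeChat's own code, the following in-memory TypeScript model shows the unscoped junction-table lookup described in the executive summary beside the three operations rewritten to run behind an ownership predicate keyed on userId and workspaceId, the approach the fix description above outlines. The table and column names come from the advisory; the helper names, row shapes and return conventions are assumptions.

```typescript
// Added example, not LobeChat's code: an in-memory model of the chat_groups and
// chat_groups_agents tables, with the unscoped lookup that CVE-2026-59100 describes beside
// versions gated by an ownership predicate. Column names follow the advisory; helper names,
// row shapes and return conventions are assumptions.
type ChatGroup = { id: string; userId: string; workspaceId: string };
type GroupAgent = { groupId: string; agentId: string; role: string; order: number };

// Constructed rows: group g1 belongs to alice in ws1, g2 to bob in ws2.
const chatGroups: ChatGroup[] = [
  { id: "g1", userId: "alice", workspaceId: "ws1" },
  { id: "g2", userId: "bob", workspaceId: "ws2" },
];
let chatGroupsAgents: GroupAgent[] = [
  { groupId: "g1", agentId: "a1", role: "participant", order: 0 },
  { groupId: "g2", agentId: "a2", role: "supervisor", order: 0 },
];

// Vulnerable shape: filtered by groupId alone, so any caller who supplies another user's
// group id receives that group's agent rows.
function getGroupAgentsUnscoped(groupId: string): GroupAgent[] {
  return chatGroupsAgents.filter((r) => r.groupId === groupId);
}

// Ownership predicate (assumed shape): the group must exist and be owned by the requesting
// user in the requesting workspace. Every group-agent operation runs it first.
function groupAgentOwnership(userId: string, workspaceId: string, groupId: string): boolean {
  return chatGroups.some((g) => g.id === groupId && g.userId === userId && g.workspaceId === workspaceId);
}

// Scoped read: a foreign or unknown group yields an empty list, so the response does not
// reveal whether the id exists.
function getGroupAgents(userId: string, workspaceId: string, groupId: string): GroupAgent[] {
  if (!groupAgentOwnership(userId, workspaceId, groupId)) return [];
  return chatGroupsAgents.filter((r) => r.groupId === groupId);
}

// Scoped update of role/order; returns whether a row was changed.
function updateAgentInGroup(userId: string, workspaceId: string, groupId: string, agentId: string, patch: { role?: string; order?: number }): boolean {
  if (!groupAgentOwnership(userId, workspaceId, groupId)) return false;
  const row = chatGroupsAgents.find((r) => r.groupId === groupId && r.agentId === agentId);
  if (!row) return false;
  if (patch.role !== undefined) row.role = patch.role;
  if (patch.order !== undefined) row.order = patch.order;
  return true;
}

// Scoped removal; returns the number of rows deleted (0 for a group the caller does not own).
function removeAgentsFromGroup(userId: string, workspaceId: string, groupId: string, agentIds: string[]): number {
  if (!groupAgentOwnership(userId, workspaceId, groupId)) return 0;
  const before = chatGroupsAgents.length;
  chatGroupsAgents = chatGroupsAgents.filter((r) => !(r.groupId === groupId && agentIds.includes(r.agentId)));
  return before - chatGroupsAgents.length;
}
```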
