CNNVD-202601-2945 Information

CNNVD ID

CNNVD-202601-2945

CVE-2026-23733

  • CNNVD Published: 2026-01-18

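Description (translated from Chinese)

Lobe Chat is an open-source, high-performance chatbot framework from LobeHub. Versions of Lobe Chat before 2.0.0-next.180 contain a code injection vulnerability, which stems from a stored cross-site scripting flaw in the Mermaid renderer and may lead to remote code execution.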

Description (English)

Lobe Chat is an open-source, high-performance chatbot framework developed by LobeHub. Lobe Chat versions prior to 2.0.0-next.180 are affected by a code injection vulnerability: the Mermaid renderer is subject to stored cross-site scripting (XSS), which may lead to remote code execution.

Hazard Level

High

Vulnerability Type

Code Injection

Affected Vendor

LobeHub

Published

2026-01-18

Last Modified

2026-02-24

References

https://github.com/lobehub/lobe-chat/security/advisories/GHSA-4gpc-rhpj-9443

https://access.redhat.com/security/cve/cve-2026-23733

Patch

https://github.com/lobehub/lobe-chat/releases
