CNNVD-202601-5045 Information

CNNVD ID

CNNVD-202601-5045

Related CVE

CVE-2026-23835

• CNNVD Published: 2026-01-30

Description (Chinese)

LobeHub是LobeHub开源的一个全平台AI对话框架。 LobeHub 1.143.3之前版本存在安全漏洞，该漏洞源于文件上传功能未验证请求完整性且允许操纵文件大小参数，可能导致绕过配额限制、任意文件创建和拒绝服务。

Description (English)

LobeHub is a platform-wide AI dialogue framework for LobeHub open source. There was a security loophole in the previous version of LobeHub 1.14.3, which stemmed from the fact that the file upload function did not verify the integrity of the request and allowed manipulation of document size parameters, which could lead to circumventing quota restrictions, arbitrary document creation and denial of service.

Hazard Level

High

Vulnerability Type

其他

Affected Vendor

LobeHub

Published

2026-01-30

Last Modified

2026-02-24

References

https://github.com/lobehub/lobehub/security/advisories/GHSA-wrrr-8jcv-wjf5 https://access.redhat.com/security/cve/cve-2026-23835

Patch

https://lobehub.com/zh