Advisories for the npm package @lobehub/lobehub

2026

LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution

The vulnerability was automatically discovered by an AI agent and then manually verified. LobeChat's message rendering mechanism has a stored cross-site scripting (XSS) vulnerability. Combined with an insecure IPC interface exposed by the Electron main process, this lets an attacker construct a malicious payload that chains the XSS into remote code execution (RCE). The LobeChat team verified this vulnerability in lobehub v2.1.23, and it also exists in the latest version.

LobeHub: Unauthenticated authentication bypass on `webapi` routes via forgeable `X-lobe-chat-auth` header

The webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, anyone can decode and re-encode the header, so an attacker can forge arbitrary auth payloads and bypass authentication on protected webapi routes. Affected routes include:
    POST /webapi/chat/[provider]
    GET /webapi/models/[provider]
    POST /webapi/models/[provider]/pull
    POST /webapi/create-image/comfyui
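Why a reversible XOR encoding cannot serve as authentication, shown next to the server-signed token a fix would use. This is an added illustration, not LobeHub's code: the key value, the header layout and the token format are constructed assumptions.

```typescript
import { createHmac, timingSafeEqual } from 'node:crypto';

interface AuthPayload { userId: string; exp?: number }
// Constructed stand-in for a key that ships in the client bundle; anyone with the source has it.
const PUBLISHED_XOR_KEY = 'constructed-xor-key';

// XOR "obfuscation" is its own inverse: the same routine encodes and decodes.
function xorWithKey(data: Buffer, key: string): Buffer {
  const k = Buffer.from(key, 'utf8');
  const out = Buffer.from(data);
  for (let i = 0; i < out.length; i++) out[i] ^= k[i % k.length];
  return out;
}

function xorEncodeHeader(payload: AuthPayload): string {
  return xorWithKey(Buffer.from(JSON.stringify(payload), 'utf8'), PUBLISHED_XOR_KEY).toString('base64');
}

// Weak check (the pattern the advisory describes): decode and trust. Nothing proves the server
// issued this value, so any client-built payload that decodes to JSON is accepted as genuine.
function weakVerify(header: string): AuthPayload | null {
  try { return JSON.parse(xorWithKey(Buffer.from(header, 'base64'), PUBLISHED_XOR_KEY).toString('utf8')); }
  catch { return null; }
}

// Hardened check: the server signs the payload with a secret that never reaches the client,
// binds an expiry to it, and compares the signature in constant time.
function issueToken(payload: AuthPayload, serverSecret: string): string {
  const body = Buffer.from(JSON.stringify(payload), 'utf8').toString('base64url');
  const sig = createHmac('sha256', serverSecret).update(body).digest('base64url');
  return `${body}.${sig}`;
}

function verifyToken(token: string, serverSecret: string, nowSec: number): AuthPayload | null {
  const parts = token.split('.');
  if (parts.length !== 2) return null;
  const [body, sig] = parts;
  const expected = createHmac('sha256', serverSecret).update(body).digest();
  const given = Buffer.from(sig, 'base64url');
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  try {
    const payload: AuthPayload = JSON.parse(Buffer.from(body, 'base64url').toString('utf8'));
    if (payload.exp !== undefined && payload.exp <= nowSec) return null;
    return payload;
  } catch { return null; }
}
```

The only thing that distinguishes the two schemes is where the key lives: a key in the client bundle lets any client produce values the server accepts, whereas an HMAC over the payload with a server-only secret makes an unsigned or altered body fail verification.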