No vendor fix or workaround currently provided.
Tracking
No advisories yet.
Thu, 02 Jul 2026 20:15:00 +0000
| Type | Values Removed | Values Added |
|---|---|---|
| Description | LobeChat before 2.2.10-canary.18 contains a server-side request forgery vulnerability that allows authenticated attackers to direct internal HTTP requests to arbitrary URLs by supplying user-controlled input to the skill import service (importFromUrl) and topic cover update (fetchImageFromUrl) endpoints, which use the global fetch without the project's ssrf-safe-fetch wrapper. Attackers can target internal addresses such as cloud instance metadata endpoints through these unprotected code paths to disclose internal service responses and cloud credentials. | |
| Title | LobeChat < 2.2.10-canary.18 - SSRF via importFromUrl and fetchImageFromUrl | |
| First Time appeared | Lobehub; Lobehub lobehub | |
| Weaknesses | CWE-918 | |
| CPEs | cpe:2.3:a:lobehub:lobehub:*:*:*:*:*:node.js:*:* | |
| Vendors & Products | Lobehub; Lobehub lobehub | |
| References | | |
| Metrics | cvssV3_1 | |
Status: PUBLISHED
Assigner: VulnCheck
Published:
Updated: 2026-07-02T19:41:16.367Z
Reserved: 2026-07-02T15:38:18.928Z
Link: CVE-2026-59095
No data.
OpenCVE Enrichment
No data.