Severity: CRITICAL | CVE-2026-54157 | CNA: GitHub_M

CVE-2026-54157: LobeHub: Unauthenticated SSRF in `/webapi/proxy`

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.57, the /webapi/proxy endpoint on app.lobehub.com accepts a URL in the POST body and fetches it server-side without any authentication. An attacker can use this to make arbitrary outbound requests from LobeHub's infrastructure, leak Vercel deployment details, and inject cookies on the lobehub.com domain through reflected Set-Cookie headers. This vulnerability is fixed in 2.1.57.

Metrics

  • CVSS v3.1: 9.0
  • Severity: CRITICAL
  • Fixed in: (no version listed)
  • Affected products: 1


HarborGuard Analysis

Synopsis

A server-side request forgery (SSRF) vulnerability exists in the /webapi/proxy endpoint of LobeHub, an AI agent collaboration platform. The endpoint accepts a URL in a POST request body and fetches it server-side without requiring any authentication, making it reachable by any internet user. A successful attacker can issue arbitrary outbound HTTP requests from LobeHub's infrastructure, leak internal Vercel deployment metadata, and inject cookies into the lobehub.com domain via reflected Set-Cookie headers. No patched image rebuild is currently available on HarborGuard; the advisory is being tracked for upstream fix availability.

HarborGuard Coverage

Detection: Available

Detection is available across every HarborGuard environment: the CVE is ingested from upstream feeds within minutes of publication and matched against all customer images, including custom-built images that bundle lobehub or lobehub-derived packages. Any image found to carry an affected version of the lobehub package is flagged immediately.
Triage: Available

HarborGuard is capable of scoring this finding at CVSS 9.0 (Critical) and weighting it against each customer organization's compliance policy to determine urgency. Triage routing can surface the finding to the appropriate team inbox within the customer's organization based on configured ownership rules.
Patch: Pending upstream

Because no upstream fix version has been published yet, HarborGuard re-checks the advisory on every ingest cycle and will make a patched-image rebuild available the moment a fix lands in the lobehub upstream repository. For customers with auto-remediation enabled, the rebuild, regression run, and PR against affected workloads will be triggered automatically once a fix version is confirmed.

Exploit Conditions

  • Network reachability: Required

    The attacker must reach the /webapi/proxy endpoint over the network; the service is exposed via HTTP to any internet-connected client.

  • Authentication: Required

    Despite the CVE title describing the endpoint as unauthenticated, the CVSS vector records PR:H, meaning the scoring authority assessed that a highly privileged account is needed; reviewers should reconcile this against the prose description, which states no authentication is required.

  • Victim interaction: Not required

    No victim action is needed; the attacker sends a direct POST request to the endpoint without any user participation.

  • Attack complexity: Low

    Attack complexity is Low, meaning the exploit is reliable and requires no special timing, race conditions, or environmental preconditions to succeed.

Blast Radius

  • Reads internal Vercel deployment details, which may include environment variable names, internal hostnames, and deployment identifiers.
  • Injects attacker-controlled cookies into the lobehub.com domain via reflected Set-Cookie headers, enabling session fixation or credential theft against lobehub.com users.
  • Crashes or degrades services reachable from LobeHub's infrastructure by directing the proxy to issue high-volume or malformed requests to internal endpoints (Availability impact: High).
  • Makes arbitrary outbound HTTP requests from LobeHub's server-side infrastructure, potentially reaching cloud metadata endpoints such as the AWS instance metadata service or equivalent Vercel runtime internals.

How HarborGuard Handles This

Available on HarborGuard: because no upstream fix for CVE-2026-54157 has been published, HarborGuard monitors the advisory on every ingest cycle and will surface a patched-image rebuild the moment lobehub releases version 2.1.57 or later. For customers with auto-remediation enabled, the rebuild plus a regression run and PR against affected workloads will be triggered automatically at that point.

In the interim, compensating controls worth considering include:

  • network-policy rules that block or restrict outbound egress from containers running lobehub, limiting the reach of the SSRF;
  • egress filtering at the cluster or VPC level to deny requests to internal metadata endpoints and RFC-1918 address space;
  • feature-flag or ingress-level gating that restricts access to the /webapi/proxy route to known trusted principals until the upstream patch is available.

HarborGuard will notify affected environments as soon as fix availability is confirmed.

Affected packages

  • lobehub / lobehub: < 2.1.57

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:H