CVE-2024-32965: Lobe Chat is an open-source, AI chat framework. Versions of lobe-chat prior to 1.19.13 have an unauthorized ssrf vulnera
Summary
Lobe Chat, an open-source AI chat framework, has a vulnerability in versions before 1.19.13 that allows attackers to perform SSRF (server-side request forgery, where an attacker tricks a server into making unauthorized requests to other systems) without logging in. Attackers can exploit this to scan internal networks and steal sensitive information like API keys stored in authentication headers.
Solution / Mitigation
Upgrade to lobe-chat version 1.19.13 or later. According to the source, 'This issue has been addressed in release version 1.19.13 and all users are advised to upgrade.' There are no known workarounds for this vulnerability.
Vulnerability Details
8.1(high)
EPSS: 0.2%
Classification
Affected Vendors
Related Issues
CVE-2026-34371: LibreChat is a ChatGPT clone with additional features. Prior to 0.8.4, LibreChat trusts the name field returned by the e
CVE-2024-27444: langchain_experimental (aka LangChain Experimental) in LangChain before 0.1.8 allows an attacker to bypass the CVE-2023-
Original source: https://nvd.nist.gov/vuln/detail/CVE-2024-32965
First tracked: February 15, 2026 at 08:49 PM
Classified by LLM (prompt v3) · confidence: 85%