Cyber Resilience

CVE-2026-39411

Severity: Medium
Published: 08 April 2026
Modified: 20 April 2026
KEV Added: not listed
Patch: available (2.1.48)
CVSS Score v3.1: 5.0 (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0003 (7.6th percentile)
Risk Priority: 10 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2026-39411 is a medium-severity Improper Authentication (CWE-287) vulnerability in LobeHub (vendor lobehub, product lobehub). Its CVSS v3.1 base score is 5.0 (Medium).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked at the 7.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related: it is categorised as LLM Application Platforms, in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and IA-5 (Authenticator Management).

Deeper analysis

CVE-2026-39411 is an improper authentication vulnerability in LobeHub, an open-source platform for building and collaborating with AI agent teammates. In versions prior to 2.1.48 the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated with a key hardcoded in the repository; nothing in the header is signed or otherwise authenticated. Because the key is published along with the source, any client can forge an arbitrary auth payload and bypass the protections on routes including /webapi/chat/[provider], /webapi/models/[provider], /webapi/models/[provider]/pull, and /webapi/create-image/comfyui.
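The following TypeScript is an added illustration of the weakness class described above; it is not LobeHub's code and does not reproduce the project's actual header format, key, or fix. It contrasts a header "protected" only by XOR with a key committed to the repository (forgeable by anyone who has read the source) with an HMAC-SHA256-signed token whose secret stays on the server, verified in constant time and with an expiry check. The payload fields, key string and secret are assumptions for the example.

```typescript
// Added example for CVE-2026-39411's weakness class (CWE-287 / CWE-290 / CWE-345).
// Not LobeHub code; payload shape, key and secret are illustrative assumptions.
import { createHmac, timingSafeEqual } from "node:crypto";

export interface AuthPayload {
  userId: string;
  apiKey?: string;
  exp: number; // expiry as unix seconds
}

// ---- Weak scheme: XOR "obfuscation" with a key that lives in the repository ----
// A key committed to a public repo is public; this constant stands in for one.
const REPO_XOR_KEY = "example-key-committed-to-git";

function xorBytes(data: Buffer, key: string): Buffer {
  const k = Buffer.from(key, "utf8");
  const out = Buffer.alloc(data.length);
  for (let i = 0; i < data.length; i++) out[i] = data[i] ^ k[i % k.length];
  return out;
}

// Client builds the header; the server un-XORs it and trusts whatever comes out.
export function encodeWeakHeader(payload: AuthPayload): string {
  return xorBytes(Buffer.from(JSON.stringify(payload), "utf8"), REPO_XOR_KEY).toString("base64");
}

export function decodeWeakHeader(header: string): AuthPayload {
  return JSON.parse(xorBytes(Buffer.from(header, "base64"), REPO_XOR_KEY).toString("utf8"));
}

// Attacker view: with the key from the repo, forging a header for any user is one call.
export function forgeWeakHeader(victimUserId: string): string {
  return encodeWeakHeader({ userId: victimUserId, exp: 4102444800 });
}

// ---- Hardened scheme: HMAC-SHA256 over the payload with a server-side secret ----
export function signHeader(payload: AuthPayload, secret: string): string {
  const body = Buffer.from(JSON.stringify(payload), "utf8").toString("base64url");
  const mac = createHmac("sha256", secret).update(body).digest("base64url");
  return `${body}.${mac}`;
}

// Returns the payload only if the MAC verifies and the token has not expired.
export function verifyHeader(header: string, secret: string, nowSeconds: number): AuthPayload | null {
  const parts = header.split(".");
  if (parts.length !== 2) return null;
  const [body, mac] = parts;
  const expected = createHmac("sha256", secret).update(body).digest();
  const given = Buffer.from(mac, "base64url");
  // Length check first: timingSafeEqual throws on buffers of different length.
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;
  let payload: AuthPayload;
  try {
    payload = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof payload.exp !== "number" || payload.exp <= nowSeconds) return null;
  return payload;
}

// Attacker view against the hardened scheme: swap the payload, reuse the old MAC.
export function tamperSignedHeader(header: string, newUserId: string): string {
  const [, mac] = header.split(".");
  const body = Buffer.from(JSON.stringify({ userId: newUserId, exp: 4102444800 }), "utf8").toString("base64url");
  return `${body}.${mac}`; // verifyHeader must reject this
}
```

The weak path shows why XOR with a shipped key is encoding, not authentication: the server cannot distinguish a header it issued from one the attacker assembled. The signed path ties the payload to a secret the client never sees, compares MACs with `timingSafeEqual`, and bounds replay with `exp`; a real deployment would additionally rotate the secret and scope tokens to the route or provider they authorise.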

Attackers with network access (AV:N) and low privileges (PR:L) can exploit this vulnerability, though it requires high attack complexity (AC:H). Exploitation allows unauthorized access to protected webapi endpoints, resulting in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), for an overall CVSS v3.1 base score of 5.0. The issue maps to CWEs 287 (Improper Authentication), 290 (Authentication Bypass by Spoofing), and 345 (Insufficient Verification of Data Authenticity).

Mitigation is available in LobeHub version 2.1.48, which addresses the authentication flaw. The advisory and patch are detailed in the GitHub security advisory (GHSA-5mwj-v5jw-5c97), fix commit (3327b293d66c013f076cbc16cdbd05a61a3d0428), pull request (#13535), and release notes (v2.1.48). Practitioners should upgrade to 2.1.48 or later and review deployments for exposure of the affected routes, particularly where the webapi is reachable from the Internet.

LobeHub's focus on AI agents, model management, and tools like ComfyUI for image generation makes this relevant to AI/ML workflows, where unauthorized access could disrupt agent collaboration or model operations. No public evidence of real-world exploitation is available.

Vulnerability details

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected webapi routes. Affected routes include /webapi/chat/[provider], /webapi/models/[provider], /webapi/models/[provider]/pull, and /webapi/create-image/comfyui. This vulnerability is fixed in 2.1.48.

CWE(s)

CWE-287 Improper Authentication
CWE-290 Authentication Bypass by Spoofing
CWE-345 Insufficient Verification of Data Authenticity

AI Security Analysis

AI Category: LLM Application Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: none mapped
Classification Reason: matched keywords: comfyui

Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Why these techniques?

The vulnerability is an improper authentication flaw allowing forgery of auth headers to bypass protections on public webapi endpoints of an internet-facing application, directly enabling exploitation of a public-facing application.

Confidence: HIGH · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-33175 (shared CWE-287, CWE-290)
CVE-2026-27700 (shared CWE-290, CWE-345)
CVE-2025-1104 (shared CWE-287, CWE-290)
CVE-2024-55925 (shared CWE-290)
CVE-2025-71279 (shared CWE-287)
CVE-2024-13804 (shared CWE-287)
CVE-2026-33131 (shared CWE-290)
CVE-2024-57046 (shared CWE-287)
CVE-2025-27671 (shared CWE-290)
CVE-2026-1203 (shared CWE-287)

Affected Assets

lobehub/lobehub: versions prior to 2.1.48 (fixed in 2.1.48)

Mitigating Controls

Mitigating Controls (NIST 800-53 r5)

IA-5 Authenticator Management (prevent)

Requires secure management of authenticators including generation, distribution, and strength, directly preventing reliance on weak, forgeable XOR-obfuscated headers with hardcoded keys.

IA-2 Identification and Authentication (Organizational Users) (prevent)

Mandates unique identification and authentication of users or processes, eliminating improper authentication that allows bypassing protections on webapi routes.

Access enforcement (prevent; the page does not name the control ID, though the description matches NIST 800-53 AC-3, Access Enforcement)

Enforces approved authorizations for access to protected resources like /webapi/chat/[provider], mitigating unauthorized access even with flawed upstream authentication.
