CVE-2026-39411
Published: 08 April 2026
Summary
CVE-2026-39411 is a medium-severity Improper Authentication (CWE-287) vulnerability in Lobehub's LobeHub. Its CVSS base score is 5.0 (Medium).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The vulnerability is ranked at the 7.3 percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 IA-2 (Identification and Authentication (Organizational Users)) and IA-5 (Authenticator Management).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- IA-5 (Authenticator Management): requires secure management of authenticators, including their generation, distribution, and strength, which directly prevents reliance on weak, forgeable XOR-obfuscated headers with hardcoded keys.
- IA-2 (Identification and Authentication (Organizational Users)): mandates unique identification and authentication of users or processes, eliminating the improper authentication that allows bypassing protections on webapi routes.
- AC-3 (Access Enforcement): enforces approved authorizations for access to protected resources such as /webapi/chat/[provider], mitigating unauthorized access even when upstream authentication is flawed.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability is an improper authentication flaw allowing forgery of auth headers to bypass protections on public webapi endpoints of an internet-facing application, directly enabling exploitation of a public-facing application.
NVD Description
LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, the webapi authentication layer trusts a client-controlled X-lobe-chat-auth header that is only XOR-obfuscated, not signed or otherwise authenticated. Because the XOR key is hardcoded in the repository, an attacker can forge arbitrary auth payloads and bypass authentication on protected webapi routes. Affected routes include /webapi/chat/[provider], /webapi/models/[provider], /webapi/models/[provider]/pull, and /webapi/create-image/comfyui. This vulnerability is fixed in 2.1.48.
Deeper analysis
CVE-2026-39411 is an improper authentication vulnerability in LobeHub, an open-source platform for building and collaborating with AI agent teammates. Versions prior to 2.1.48 are affected in the webapi authentication layer, which trusts a client-controlled X-lobe-chat-auth header that uses only XOR obfuscation with a hardcoded key from the repository. This design lacks proper signing or authentication, enabling attackers to forge arbitrary auth payloads and bypass protections on routes including /webapi/chat/[provider], /webapi/models/[provider], /webapi/models/[provider]/pull, and /webapi/create-image/comfyui.
Attackers with network access (AV:N) and low privileges (PR:L) can exploit this vulnerability, though it requires high attack complexity (AC:H). Exploitation allows unauthorized access to protected webapi endpoints, resulting in low impacts to confidentiality, integrity, and availability (C:L/I:L/A:L), for an overall CVSS v3.1 base score of 5.0. The issue maps to CWEs 287 (Improper Authentication), 290 (Authentication Bypass by Spoofing), and 345 (Insufficient Verification of Data Authenticity).
Mitigation is available in LobeHub version 2.1.48, which addresses the authentication flaw. Security advisories and patches are detailed in the GitHub security advisory (GHSA-5mwj-v5jw-5c97), fix commit (3327b293d66c013f076cbc16cdbd05a61a3d0428), pull request (#13535), and release notes (v2.1.48). Practitioners should upgrade immediately and review deployments for exposure on affected routes.
LobeHub's focus on AI agents, model management, and tools like ComfyUI for image generation makes this relevant to AI/ML workflows, where unauthorized access could disrupt agent collaboration or model operations. No public evidence of real-world exploitation is available.
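The analysis above turns on one distinction: XOR with a key that ships in the repository is reversible encoding, not authentication, because decoding never fails and the receiver cannot tell a legitimate payload from one produced by anyone who read the key. The following TypeScript is an added illustration, not LobeHub's code or its actual header format, key, or fix; the XOR key, the secret, the `userId`/`exp` payload shape and the token layout are all constructed for the example. It contrasts a decode-only check with an HMAC-SHA256 check over the payload using a server-side secret and a constant-time comparison, and rejects tampered bodies, tokens minted with a different secret, and expired tokens. The actual remediation for CVE-2026-39411 is upgrading to LobeHub 2.1.48.

```typescript
// Added example, not LobeHub's code. All keys, secrets and the payload
// shape below are constructed placeholders for illustration.
import { createHmac, timingSafeEqual } from "node:crypto";

// ---- Weak pattern described in the advisory: XOR with a fixed, in-repo key ----
// Constructed placeholder key; in the vulnerable pattern the key is public
// because it lives in the source tree.
const XOR_KEY = Buffer.from("placeholder-xor-key");

// XOR is its own inverse: the same routine encodes and decodes.
function xorObfuscate(data: Buffer, key: Buffer): Buffer {
  const out = Buffer.alloc(data.length);
  for (let i = 0; i < data.length; i++) {
    out[i] = data[i] ^ key[i % key.length];
  }
  return out;
}

// "Verification" that only decodes: there is no branch in which a
// well-formed but attacker-built header is rejected.
function weakDecode(headerValue: string): Record<string, unknown> | null {
  const raw = xorObfuscate(Buffer.from(headerValue, "base64"), XOR_KEY);
  try {
    const parsed: unknown = JSON.parse(raw.toString("utf8"));
    if (typeof parsed !== "object" || parsed === null) return null;
    return parsed as Record<string, unknown>;
  } catch {
    return null;
  }
}

// ---- Hardened pattern: HMAC over the payload with a server-held secret ----
interface AuthPayload {
  userId: string;
  exp: number; // expiry, seconds since epoch
}

// Token layout (constructed for this example): base64url(body) "." base64url(mac)
function issueToken(payload: AuthPayload, secret: Buffer): string {
  const body = Buffer.from(JSON.stringify(payload)).toString("base64url");
  const mac = createHmac("sha256", secret).update(body).digest("base64url");
  return `${body}.${mac}`;
}

// Returns the payload only if the MAC matches under the server secret,
// the body parses into the expected shape, and the token is not expired.
function verifyToken(token: string, secret: Buffer, now: number): AuthPayload | null {
  const parts = token.split(".");
  if (parts.length !== 2) return null;
  const [body, mac] = parts;

  // Recompute the MAC over exactly the bytes the client sent, compare in
  // constant time, and check lengths first because timingSafeEqual throws
  // on mismatched lengths.
  const expected = createHmac("sha256", secret).update(body).digest();
  const given = Buffer.from(mac, "base64url");
  if (given.length !== expected.length || !timingSafeEqual(given, expected)) return null;

  // Only after the MAC passes do we look inside the body.
  let parsed: unknown;
  try {
    parsed = JSON.parse(Buffer.from(body, "base64url").toString("utf8"));
  } catch {
    return null;
  }
  if (typeof parsed !== "object" || parsed === null) return null;
  const p = parsed as Record<string, unknown>;
  if (typeof p.userId !== "string" || typeof p.exp !== "number") return null;
  if (p.exp <= now) return null;
  return { userId: p.userId, exp: p.exp };
}

export { xorObfuscate, weakDecode, issueToken, verifyToken, XOR_KEY };
```

The order inside `verifyToken` is deliberate: the MAC is checked over the raw body before any parsing, so malformed or oversized input never reaches `JSON.parse` unless it was produced by a holder of the secret. In the weak variant the only thing standing between a request and an accepted payload is knowledge of a key that the advisory says is committed to the repository.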
Details
- CWE(s)