External risk intelligence

LobeHub Proxy Endpoint Server-Side Request Forgery and Cookie Injection

CVE advisorySeverity: CRITICAL (CVSS 9.0)

CVE-2026-54157

The vulnerability exists in a public-facing web application endpoint designed for internet access, making the service reachable and exploitable by design in normal operations.

Server-Side Request Forgery

Halo Surface Signal: 5 out of 5 — more likely to be public-facing.

External exposure likelihood

Horizon Alert

Summary of the vulnerability and why it matters

This advisory details a critical vulnerability in LobeHub's proxy endpoint, which could allow unauthorized access to internal information and domain injection if exploited. The issue has been fixed in version 2.1.57.

  • Proxy endpoint allows unauthorized outbound requests.
  • Attackers could leak sensitive infrastructure details.
  • Confirm relevance and exposure to LobeHub services.

Attack Path

How an attacker could exploit the issue

An attacker with administrative access could send specially crafted requests to the `/webapi/proxy` endpoint. This would allow them to trick the LobeHub application into fetching arbitrary external URLs. Doing so could expose sensitive information about the application's infrastructure, such as Vercel deployment details, and potentially lead to the injection of malicious cookies into the `lobehub.com` domain.

  • Requires administrative access.
  • Triggered by posting a URL to an endpoint.
  • Leads to information disclosure and cookie injection.

Live Threat

Current exploitation, exposure, and threat context

This vulnerability could allow an attacker to initiate arbitrary network requests from LobeHub's infrastructure. This could lead to the leakage of sensitive information, such as Vercel deployment details, and potentially allow for the injection of malicious cookies onto the lobehub.com domain.

  • Arbitrary outbound requests from infrastructure.
  • Leaked Vercel deployment details.
  • Injected cookies on the domain.

Operational Fix

Recommended remediation, mitigation, and detection steps

This vulnerability in LobeHub's proxy endpoint requires immediate attention from the platform or application ownership team responsible for `app.lobehub.com`. The first practical step is to identify all instances of the affected technology, confirm its reachability and business criticality, then locate the accountable owner to plan remediation.

  • Platform/App owners to triage.
  • Verify outbound request reachability.
  • Plan remediation based on risk.

Supplementary metadata

Validate whether this threat affects your internet-facing exposure.

Halo Threat Intelligence helps prioritize remediation with Halo Surface Signal and H/A/L/O context. Start exposure validation with a free external attack surface trial.

Frequently asked questions

What is LobeHub and how is it used?

LobeHub is a collaborative platform designed for building and working with AI agent teammates. It functions as a workspace where users can create, manage, and interact with agents for various tasks. The platform relies on underlying web infrastructure to facilitate these agent interactions and service connections.

What does CVE-2026-54157 mean for security?

This vulnerability is classified as Server-Side Request Forgery (CWE-918). It occurs when an application can be manipulated to make unauthorized network requests to destinations of an attacker's choosing. In this case, the weakness allows the LobeHub service to be tricked into fetching arbitrary URLs, which can lead to sensitive information disclosure or the injection of cookies onto the lobehub.com domain.

How is this LobeHub vulnerability triggered?

The issue is triggered by sending a specially crafted request to the /webapi/proxy endpoint containing a URL in the POST body. Notably, this requires administrative-level privileges to initiate; users without administrative access cannot reach or trigger this specific proxy functionality.

Do I need to worry about this vulnerability?

According to Halo Surface Signal, this vulnerability is highly relevant because the affected endpoint is part of a public-facing web application designed for internet access. Because the service is reachable by design in normal operations, administrative accounts are the primary concern.

What should I do if I run LobeHub?

If you are responsible for the application, the first step is to confirm your current version. Since this vulnerability is resolved in version 2.1.57, updating your deployment is the primary path to remediation. Locate the owners of the service to verify reachability and prioritize the update to eliminate the risk.

References