
CVE-2026-23522: CWE-284: Improper Access Control in lobehub lobe-chat

Severity: Low
Published: Mon Jan 19 2026 (01/19/2026, 16:53:32 UTC)
Source: CVE Database V5
Vendor/Project: lobehub
Product: lobe-chat

Description

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, the `knowledgeBase.removeFilesFromKnowledgeBase` tRPC endpoint allows authenticated users to delete files from any knowledge base without verifying ownership. The `userId` filter in the database query is commented out, enabling attackers to delete other users' knowledge base files if they know the knowledge base ID and the file ID. While the vulnerability is confirmed, practical exploitation requires knowing the target's knowledge base ID and file ID. These IDs are random and not easily enumerable. However, IDs may leak through shared links, logs, referrer headers and so on. The missing authorization check is a critical security flaw regardless. Users should upgrade to version 2.0.0-next.193 to receive a patch.

AI-Powered Analysis

Last updated: 01/26/2026, 19:48:30 UTC

Technical Analysis

CVE-2026-23522 is a security vulnerability classified under CWE-284 (Improper Access Control) affecting lobe-chat, an open source chat application platform. The flaw exists in the tRPC endpoint `knowledgeBase.removeFilesFromKnowledgeBase` prior to version 2.0.0-next.193. This endpoint allows authenticated users to delete files from any knowledge base without verifying if the user owns or has permission to modify that knowledge base. The root cause is a commented-out `userId` filter in the database query responsible for enforcing ownership checks. Consequently, an attacker who is authenticated can delete files belonging to other users if they know the knowledge base ID and the file ID. These IDs are randomly generated and not easily guessable or enumerable, which raises the attack complexity. However, these identifiers may leak through shared links, logs, or HTTP referrer headers, increasing the risk of exploitation. The vulnerability affects data integrity by enabling unauthorized deletion of files but does not impact confidentiality or availability. No public exploits have been reported yet. The vendor has addressed the issue in version 2.0.0-next.193 by restoring proper authorization checks. The CVSS v3.1 base score is 3.7, reflecting a low severity mainly due to the high attack complexity and limited impact scope.
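The root cause described above, modelled as an added example: an in-memory stand-in for the two tables (knowledge bases and their files) with the deletion handler written twice, once scoped only by knowledge base ID and file ID as the advisory describes, and once with the ownership check restored. This is illustrative code written for this page, not lobe-chat's own handler or schema; the type names, function names and sample rows (`alice`, `bob`, `kb-alice`, `file-b1`) are constructed.

```typescript
// Illustrative model of CVE-2026-23522's root cause; not lobe-chat's code.
// Types and sample rows below are constructed for this example.
type KnowledgeBase = { id: string; userId: string };
type KbFile = { knowledgeBaseId: string; fileId: string; userId: string };
type Db = { knowledgeBases: KnowledgeBase[]; files: KbFile[] };
type Ctx = { userId: string };                       // authenticated caller
type Input = { knowledgeBaseId: string; ids: string[] }; // request payload

// Constructed sample data: two users, each owning one knowledge base with one file.
function seedDb(): Db {
  return {
    knowledgeBases: [{ id: 'kb-alice', userId: 'alice' }, { id: 'kb-bob', userId: 'bob' }],
    files: [
      { knowledgeBaseId: 'kb-alice', fileId: 'file-a1', userId: 'alice' },
      { knowledgeBaseId: 'kb-bob', fileId: 'file-b1', userId: 'bob' },
    ],
  };
}

// Vulnerable shape: the caller's identity is in ctx, but the delete is scoped only
// by knowledgeBaseId + fileId, mirroring the commented-out userId filter. Any
// authenticated user who knows both IDs can delete the row. Returns rows deleted.
function removeFilesVulnerable(db: Db, ctx: Ctx, input: Input): number {
  const keep = db.files.filter(
    (f) => !(f.knowledgeBaseId === input.knowledgeBaseId && input.ids.includes(f.fileId)),
    //        && f.userId === ctx.userId   <- the missing ownership predicate
  );
  const deleted = db.files.length - keep.length;
  db.files = keep;
  return deleted;
}

// Hardened shape: confirm the knowledge base belongs to the caller before touching
// any rows, and additionally scope the delete by userId (defence in depth).
function removeFilesFixed(db: Db, ctx: Ctx, input: Input): number {
  const kb = db.knowledgeBases.find((k) => k.id === input.knowledgeBaseId);
  if (!kb || kb.userId !== ctx.userId) {
    // One error for "not found" and "not yours", so the response does not confirm a KB ID exists.
    throw new Error('FORBIDDEN: knowledge base not accessible to caller');
  }
  const keep = db.files.filter(
    (f) => !(f.knowledgeBaseId === input.knowledgeBaseId
          && input.ids.includes(f.fileId)
          && f.userId === ctx.userId),
  );
  const deleted = db.files.length - keep.length;
  db.files = keep;
  return deleted;
}
```

Calling the vulnerable variant as `alice` against `kb-bob` removes Bob's file; the fixed variant rejects the same call before any row is touched, while Bob's own request still succeeds.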

Potential Impact

For European organizations using lobe-chat versions prior to 2.0.0-next.193, this vulnerability poses a risk to data integrity within knowledge bases. Unauthorized deletion of files could disrupt collaboration, cause data loss, and impact business processes relying on shared knowledge. Although the vulnerability does not directly affect confidentiality or availability, the loss of critical knowledge base files could indirectly affect operational continuity and decision-making. The requirement for authentication limits exposure to internal or compromised users, but leaked knowledge base and file IDs could enable targeted attacks. Organizations in sectors with stringent data integrity requirements, such as finance, healthcare, and government, may face increased risk. The absence of known exploits reduces immediate threat but patching is essential to prevent potential abuse, especially in environments where knowledge base links or logs are widely shared or insufficiently protected.

Mitigation Recommendations

European organizations should immediately upgrade lobe-chat to version 2.0.0-next.193 or later to ensure the authorization checks are properly enforced. In addition to patching, organizations should audit access logs and knowledge base sharing practices to identify potential leakage of knowledge base and file IDs. Implement strict access controls and monitoring on knowledge base sharing links and logs to minimize ID exposure. Employ network segmentation and role-based access controls to restrict authenticated users’ permissions to only their own knowledge bases. Regularly review and update authentication and authorization mechanisms within the platform. Educate users about the risks of sharing knowledge base links publicly or in unsecured channels. Consider implementing additional logging and alerting for unusual deletion activities. Finally, integrate vulnerability management processes to track and remediate such flaws promptly.


Technical Details

Data Version: 5.2
Assigner Short Name: GitHub_M
Date Reserved: 2026-01-13T18:22:43.980Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 696e7feca027839b3dc01196

Added to database: 1/19/2026, 7:03:08 PM

Last enriched: 1/26/2026, 7:48:30 PM

Last updated: 2/7/2026, 6:45:00 PM

