An unauthenticated SSRF vulnerability in LobeHub allows remote attackers to perform unauthorized outbound requests and manipulate session cookies, posing a critical risk to infrastructure integrity.

This is an unauthenticated Server-Side Request Forgery (SSRF) flaw occurring in the /webapi/proxy endpoint. The service fails to validate user-supplied URLs, allowing attackers to force the server to fetch arbitrary resources, leak deployment metadata, and inject malicious cookies.

The ability to perform unauthorized requests from the application's infrastructure can lead to the exposure of sensitive internal network configurations and deployment secrets. With a CVSS score of 9.0, this vulnerability presents a significant risk of session hijacking via reflected cookie injection, potentially leading to full account takeover and unauthorized access to sensitive user data.

Immediate Action: Upgrade LobeHub to version 2.1.57 or later immediately to apply the necessary input validation controls.

Proactive Monitoring: Review web server access logs for anomalous POST requests directed at the /webapi/proxy endpoint, particularly those containing external URLs.

Compensating Controls: Implement strict egress filtering on the application server to restrict outbound connections to known, trusted domains.

Public Exploit Available: Unknown

Given the critical nature of this SSRF vulnerability and the potential for infrastructure-wide impact, organizations should prioritize patching LobeHub to version 2.1.57. Failure to remediate allows attackers to bypass security boundaries, potentially compromising the integrity of the entire LobeHub domain.