CVE-2026-23733
Stored XSS in LobeChat Mermaid Renderer Enables RCE
Publication date: 2026-01-18
Last updated on: 2026-01-18
Assigner: GitHub, Inc.
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| lobe | chat | up to 2.0.0-next.180 (exclusive) |
| lobe | chat | 2.0.0-next.180 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2026-23733 is a stored Cross-Site Scripting (XSS) vulnerability in the LobeChat application, specifically in the Mermaid artifact renderer. Unsanitized user or AI-generated content is passed to the Mermaid component, which renders HTML directly into the DOM, allowing attackers to inject malicious JavaScript. In the desktop version, this XSS can be escalated to Remote Code Execution (RCE) by exploiting an exposed Electron IPC bridge called 'electronAPI'. Attackers can invoke system commands on the victim's machine by triggering the 'runCommand' handler, which executes commands using Node.js's child_process.spawn. This means an attacker can run arbitrary system commands remotely through this vulnerability. [1]
How can this vulnerability impact me?
This vulnerability can have severe impacts including full Remote Code Execution (RCE) on the victim's machine. An attacker can execute arbitrary system commands, potentially leading to unauthorized access, data theft, system compromise, or disruption of services. The impact affects confidentiality, integrity, and availability of the system, allowing attackers to control the affected machine remotely. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves identifying whether your system is running a vulnerable version of LobeChat (versions prior to 2.0.0-next.180) and monitoring for suspicious Mermaid diagram content that includes HTML or JavaScript injection. Since the vulnerability exploits the Renderer component that handles Mermaid diagrams and the Electron IPC bridge 'electronAPI', you can check for processes running LobeChat versions <= 2.0.0-next.179. Additionally, monitoring IPC calls to 'runCommand' or unexpected child processes spawned by LobeChat may indicate exploitation attempts. Specific commands might include checking the installed package version (e.g., using npm or your package manager) and scanning logs for suspicious IPC invocations or child process spawns. However, no explicit detection commands are provided in the resources. [1]
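The version check described above, as an added example that is not code from the page or from the LobeChat project: it orders an installed version against the fixed release using semver prerelease rules (so "next.9" correctly sorts below "next.180", and a plain 2.0.0 release outranks any 2.0.0-next prerelease). It assumes the fixed version is 2.0.0-next.180 as stated in the answer above; the package.json it reads is a constructed sample with a placeholder package name.

```javascript
// Added example (not LobeChat project code): flag an installed LobeChat version
// as inside the affected range for CVE-2026-23733, i.e. anything that sorts
// before the fixed version under semver prerelease rules.
// Assumption: the fixed version is 2.0.0-next.180, as the Q&A above states.
const FIXED_VERSION = "2.0.0-next.180";

// Parse "MAJOR.MINOR.PATCH[-prerelease][+build]" into comparable parts.
function parseSemver(version) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.-]+))?(?:\+[0-9A-Za-z.-]+)?$/.exec(version.trim());
  if (!m) throw new Error(`not a semver string: ${version}`);
  return { core: [Number(m[1]), Number(m[2]), Number(m[3])], pre: m[4] ? m[4].split(".") : [] };
}

// One prerelease identifier: numeric ones compare numerically and sort before
// alphanumeric ones, which compare as plain strings ("next.9" < "next.180").
function compareIdent(a, b) {
  const na = /^\d+$/.test(a), nb = /^\d+$/.test(b);
  if (na && nb) return Number(a) - Number(b);
  if (na !== nb) return na ? -1 : 1;
  return a < b ? -1 : a > b ? 1 : 0;
}

// Comparator (<0, 0, >0). A release outranks any prerelease of the same core,
// so 2.0.0-next.180 < 2.0.0, and a shorter prerelease list sorts first.
function compareSemver(x, y) {
  const a = parseSemver(x), b = parseSemver(y);
  for (let i = 0; i < 3; i++) if (a.core[i] !== b.core[i]) return a.core[i] - b.core[i];
  if (a.pre.length === 0 || b.pre.length === 0) return b.pre.length - a.pre.length;
  for (let i = 0; i < Math.max(a.pre.length, b.pre.length); i++) {
    if (i >= a.pre.length) return -1;
    if (i >= b.pre.length) return 1;
    const c = compareIdent(a.pre[i], b.pre[i]);
    if (c !== 0) return c;
  }
  return 0;
}

function isVulnerable(version) {
  return compareSemver(version, FIXED_VERSION) < 0;
}

// Read the version from a package.json body (e.g. the one shipped in the
// installed app directory) and report a verdict.
function checkPackageJson(jsonText) {
  const pkg = JSON.parse(jsonText);
  return { name: pkg.name, version: pkg.version, vulnerable: isVulnerable(pkg.version) };
}

// Constructed sample input; the package name is a placeholder, not the real one.
const SAMPLE_PACKAGE_JSON = JSON.stringify({ name: "lobe-chat", version: "2.0.0-next.179" });
console.log(checkPackageJson(SAMPLE_PACKAGE_JSON));
```

Point `checkPackageJson` at the package.json of the installed desktop build and treat `vulnerable: true` as a prompt to upgrade; a `version` field with a build tag (`+...`) is accepted and ignored for ordering, as semver specifies.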
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to upgrade LobeChat to version 2.0.0-next.180 or later, where this vulnerability is patched. Avoid processing untrusted Mermaid diagrams or user-generated content until the update is applied. Additionally, consider restricting or monitoring IPC bridge usage and command execution capabilities within the Electron application to limit potential exploitation. [1]