CVE-2026-23733
Unknown Unknown - Not Provided
Stored XSS in LobeChat Mermaid Renderer Enables RCE

Publication date: 2026-01-18

Last updated on: 2026-01-18

Assigner: GitHub, Inc.

Description
LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution (RCE) by leveraging the exposed `electronAPI` IPC bridge, allowing attackers to run arbitrary system commands on the victim's machine. Version 2.0.0-next.180 patches the issue.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-01-18
Last Modified
2026-01-18
Generated
2026-06-16
AI Q&A
2026-01-19
EPSS Evaluated
2026-06-14
NVD
CVE-2026-23733
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
lobe chat to 2.0.0-next.180 (exc)
lobe chat 2.0.0-next.180
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-94 The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2026-23733 is a stored Cross-Site Scripting (XSS) vulnerability in the LobeChat application, specifically in the Mermaid artifact renderer. Unsanitized user or AI-generated content is passed to the Mermaid component, which renders HTML directly into the DOM, allowing attackers to inject malicious JavaScript. In the desktop version, this XSS can be escalated to Remote Code Execution (RCE) by exploiting an exposed Electron IPC bridge called 'electronAPI'. Attackers can invoke system commands on the victim's machine by triggering the 'runCommand' handler, which executes commands using Node.js's child_process.spawn. This means an attacker can run arbitrary system commands remotely through this vulnerability. [1]

Impact Analysis

This vulnerability can have severe impacts including full Remote Code Execution (RCE) on the victim's machine. An attacker can execute arbitrary system commands, potentially leading to unauthorized access, data theft, system compromise, or disruption of services. The impact affects confidentiality, integrity, and availability of the system, allowing attackers to control the affected machine remotely. [1]

Detection Guidance

Detection involves identifying if your system is running a vulnerable version of LobeChat (versions prior to 2.0.0-next.180) and monitoring for suspicious Mermaid diagram content that includes malicious HTML or JavaScript injection. Since the vulnerability exploits the Renderer component handling Mermaid diagrams and the Electron IPC bridge 'electronAPI', you can check for processes running LobeChat versions <= 2.0.0-next.179. Additionally, monitoring IPC calls to 'runCommand' or unexpected child process executions spawned by LobeChat may indicate exploitation attempts. Specific commands might include checking the installed package version (e.g., using npm or your package manager) and scanning logs for suspicious IPC invocations or child process spawns. However, no explicit detection commands are provided in the resources. [1]

Mitigation Strategies

The immediate mitigation step is to upgrade LobeChat to version 2.0.0-next.180 or later, where this vulnerability is patched. Avoid processing untrusted Mermaid diagrams or user-generated content until the update is applied. Additionally, consider restricting or monitoring IPC bridge usage and command execution capabilities within the Electron application to limit potential exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-23733. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart