CVE-2026-43899
Arbitrary Protocol Execution Bypass in DeepChat AI Platform
Publication date: 2026-05-11
Last updated on: 2026-05-11
Assigner: GitHub, Inc.
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| deepchat | deepchat | to 1.0.4-beta.1 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-20 | The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability affects DeepChat, an open-source AI agent platform. Before version 1.0.4-beta.1, there was an incomplete fix for a previous vulnerability (CVE-2025-55733) that left DeepChat open to arbitrary protocol execution bypass, which can lead to remote code execution (RCE).
The issue arises because while the patch restricted the api.openExternal() function in the renderer's preload script, it failed to sanitize native Electron pop-up window handlers. An attacker or a compromised AI endpoint can return a Markdown link that triggers a native window interception with target="_blank" in the tabPresenter.ts file. This interception forwards the malicious URL directly to shell.openExternal(url), bypassing the security check isValidExternalUrl, allowing execution of arbitrary protocols.
This vulnerability is fixed in DeepChat version 1.0.4-beta.1.
How can this vulnerability impact me?
This vulnerability can have severe impacts because it allows an attacker or compromised AI endpoint to execute arbitrary protocols on the target system remotely.
- Remote Code Execution (RCE) - attackers can run malicious code on the victim's machine.
- Complete bypass of security boundaries designed to validate external URLs.
- Potential compromise of confidentiality, integrity, and availability of the affected system.
The CVSS v3.1 base score of 9.6 indicates a critical severity with network attack vector, low attack complexity, no privileges required, user interaction required, and high impact on confidentiality, integrity, and availability.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, upgrade DeepChat to version 1.0.4-beta.1 or later, where the issue with arbitrary protocol execution bypass has been fixed.
The patch restricts api.openExternal() inside the renderer's preload/index.ts script and properly sanitizes native Electron pop-up window handlers to prevent malicious URLs from bypassing security boundaries.
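As an added example (not DeepChat's code), this is the shape of the fix described above and in the explanation of the bug: one URL validator applied in the Electron window-open handler, so a Markdown link with target="_blank" can only reach shell.openExternal after passing the same check as api.openExternal(). Assumptions: only http(s) links are permitted, the handler follows the object shape of Electron's webContents.setWindowOpenHandler(), and openExternal is injected so the logic runs without Electron.

```javascript
// Added example, not DeepChat's code. Assumption: only http(s) may leave the app.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:']);

// Reject anything that is not a well-formed http(s) URL with a host. The WHATWG
// parser makes custom schemes, "javascript:" and malformed strings all fail here.
function isValidExternalUrl(raw) {
  let parsed;
  try {
    parsed = new URL(String(raw));
  } catch {
    return false;
  }
  return ALLOWED_PROTOCOLS.has(parsed.protocol) && parsed.hostname.length > 0;
}

// Single chokepoint for handing a URL to the OS. In production `openExternal`
// would be Electron's shell.openExternal; here it is injected for testing.
function dispatchExternalLink(url, openExternal) {
  if (!isValidExternalUrl(url)) return false;
  openExternal(url);
  return true;
}

// Build the handler for renderer-initiated window.open() / target="_blank".
// `details` mirrors what Electron passes to webContents.setWindowOpenHandler().
// The native pop-up is always denied; the URL only leaves via the checked path,
// never by forwarding details.url straight to shell.openExternal.
function createWindowOpenHandler(openExternal) {
  return (details) => {
    dispatchExternalLink(details.url, openExternal);
    return { action: 'deny' };
  };
}

// Constructed sample links of the kind a chat response could render as Markdown.
const SAMPLE_LINKS = [
  'https://example.com/docs',
  'customscheme://open?doc=1',
  'javascript:void(0)',
  'not a url',
];

// Run every link through the handler and report which ones were actually opened.
function auditLinks(links) {
  const opened = [];
  const handler = createWindowOpenHandler((url) => opened.push(url));
  for (const url of links) {
    handler({ url, frameName: '', disposition: 'foreground-tab' });
  }
  return opened;
}
```

Wiring `createWindowOpenHandler(shell.openExternal)` into `webContents.setWindowOpenHandler()` gives the pop-up path the same check the preload's api.openExternal() already has.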