CVE-2026-43900
Received Received - Intake
Cross-Site Scripting in DeepChat AI Platform

Publication date: 2026-05-11

Last updated on: 2026-05-11

Assigner: GitHub, Inc.

Description
DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, a Cross-Site Scripting (XSS) vulnerability exists due to a discrepancy between the backend validation layer and the frontend browser rendering engine. The SVGSanitizer (src/main/lib/svgSanitizer.ts) restricts script execution by scrubbing javascript: protocols using plain-text regular expressions. However, it fails to account for HTML entity decoding prior to Vue's v-html DOM insertion inside the SvgArtifact.vue component. By feeding an SVG artifact with obfuscated entities (e.g., javascript:alert(1)), an attacker can completely bypass the sanitizer, culminating in arbitrary JavaScript execution when a victim interacts with the rendered SVG Element. This vulnerability is fixed in v1.0.4-beta.1.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-05-11
Last Modified
2026-05-11
Generated
2026-06-21
AI Q&A
2026-05-12
EPSS Evaluated
2026-06-20
NVD
CVE-2026-43900
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
deepchat deepchat to 1.0.4-beta.1 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-79 The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability is a Cross-Site Scripting (XSS) issue in DeepChat, an open-source AI agent platform. It arises because the backend validation layer and the frontend browser rendering engine handle SVG content differently. Specifically, the SVGSanitizer attempts to block script execution by removing javascript: protocols using simple regular expressions, but it does not consider HTML entity decoding that happens before Vue's v-html DOM insertion. An attacker can exploit this by embedding obfuscated entities in an SVG artifact, such as javascript:alert(1), which bypasses the sanitizer and allows arbitrary JavaScript to execute when a user interacts with the rendered SVG element.

Impact Analysis

This vulnerability can lead to arbitrary JavaScript execution in the context of the victim's browser when they interact with a malicious SVG element. This can result in unauthorized actions such as stealing sensitive information, session hijacking, defacement, or performing actions on behalf of the user without their consent. Because the CVSS base score is 9.3 with high confidentiality and integrity impacts, the vulnerability poses a severe risk to affected systems.

Mitigation Strategies

The vulnerability is fixed in DeepChat version v1.0.4-beta.1. The immediate step to mitigate this vulnerability is to upgrade your DeepChat installation to version v1.0.4-beta.1 or later.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-43900. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart