CVE-2026-43899— DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

CVSS 9.6 · Critical EPSS 0.08% · P24 Updated May 15, 2026

Possible ATT&CK Techniques 1AI

T1203 · Exploitation for Client Execution

Affected Version Matrix 1

Vendor	Product	Version Range	Status
ThinkInAIXYZ	deepchat	`< 1.0.4-beta.1`	affected

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-43899

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

Source: NVD (National Vulnerability Database)

Vulnerability Description

DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.4-beta.1, An incomplete mitigation for CVE-2025-55733 leaves DeepChat vulnerable to an arbitrary protocol execution bypass (RCE). While the patch correctly restricted api.openExternal() inside the renderer's preload/index.ts script, it structurally neglected to sanitize native Electron pop-up window handlers. An attacker or a compromised AI endpoint returning a Markdown link can trigger a target="_blank" native window interception in tabPresenter.ts, which forwards the malicious URL directly to shell.openExternal(url) and completely bypasses the isValidExternalUrl security boundary. This vulnerability is fixed in v1.0.4-beta.1.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Source: NVD (National Vulnerability Database)

Vulnerability Type

输入验证不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

DeepChat 输入验证错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

DeepChat是ThinkInAIXYZ开源的一款智能助手。 DeepChat v1.0.4-beta.1之前版本存在输入验证错误漏洞，该漏洞源于对CVE-2025-55733的不完全缓解措施，虽然补丁正确限制了渲染器中的api.openExternal()，但结构上忽略了清理原生Electron弹出窗口处理程序，攻击者或受损AI端点返回的Markdown链接可触发target=_blank原生窗口拦截，将恶意URL直接转发给shell.openExternal(url)并完全绕过isValidExte

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
ThinkInAIXYZ	deepchat	< 1.0.4-beta.1	-

II. Public POCs for CVE-2026-43899

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2026-43899

请登录查看更多情报信息。

IV. Related Vulnerabilities

Same product: deepchat

Same vendor: ThinkInAIXYZ

Same weakness: CWE-20

V. Comments for CVE-2026-43899

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2026-43899— DeepChat: Incomplete Fix for CVE-2025-55733 leads to Remote Code Execution via Markdown Links bypassing `isValidExternalUrl`

Possible ATT&CK Techniques 1AI

Affected Version Matrix 1

I. Basic Information for CVE-2026-43899

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2026-43899

III. Intelligence Information for CVE-2026-43899

IV. Related Vulnerabilities

V. Comments for CVE-2026-43899

Leave a comment