🚨 BREAKING

CVE-2026-43899: DeepChat RCE Via Incomplete Patch for External Protocol Execution

/CRITICAL /CVSS 9.6/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvecriticalhigh-severitycwe-20
CVE-2026-43899: DeepChat RCE Via Incomplete Patch for External Protocol Execution

The National Vulnerability Database has detailed CVE-2026-43899, a critical remote code execution (RCE) vulnerability in DeepChat, an open-source AI agent platform. This flaw, present in versions prior to v1.0.4-beta.1, stems from an incomplete mitigation for a previous vulnerability, CVE-2025-55733.

While developers attempted to restrict api.openExternal() calls, the patch failed to sanitize native Electron pop-up window handlers. This oversight allows an attacker, or a compromised AI endpoint, to embed a malicious Markdown link. When a user interacts with this link, a target="_blank" native window interception in tabPresenter.ts forwards the malicious URL directly to shell.openExternal(url), completely bypassing the intended isValidExternalUrl security controls. The National Vulnerability Database assigned this a CVSS score of 9.6 (CRITICAL).

This is a classic example of security debt. An initial fix was deployed, but the underlying architectural weakness wasn’t fully addressed, leading to a bypass. Defenders using DeepChat must prioritize upgrading to v1.0.4-beta.1 immediately. Attackers will undoubtedly leverage this kind of vulnerability to gain initial access or escalate privileges within environments integrating AI agents, exploiting the trust placed in these platforms.

What This Means For You

  • If your organization integrates DeepChat or similar AI agent platforms, you need to verify your version immediately. This isn't theoretical; it's an RCE bypass that allows arbitrary protocol execution. Patch to v1.0.4-beta.1 without delay and audit your AI endpoint configurations for any untrusted content sources. Assume compromise if you haven't patched.

Related ATT&CK Techniques

T1204.002 Malicious File Execution T1566.002 Phishing: Spearphishing Attachment Initial Access T1190 Exploit Public-Facing Application Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-43899: DeepChat RCE via shell.openExternal() with malicious URL

Sigma YAML — free preview 
title: CVE-2026-43899: DeepChat RCE via shell.openExternal() with malicious URL
id: scw-2026-05-11-ai-1
status: experimental
level: critical
description: |
  Detects the execution of shell.openExternal() with a target="_blank" attribute and a javascript: URI, indicating an attempt to exploit CVE-2026-43899 in DeepChat. This bypasses the intended security checks by leveraging Electron's native window handling.
author: SCW Feed Engine (AI-generated)
date: 2026-05-11
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-43899/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: process_creation
detection:
  selection:
      Image|endswith:
          - 'electron.exe'
      CommandLine|contains:
          - 'shell:openExternal'
      CommandLine|contains:
          - 'target="_blank"'
      CommandLine|contains:
          - 'javascript:'
      condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-43899 RCE DeepChat < v1.0.4-beta.1
CVE-2026-43899 RCE Incomplete mitigation for CVE-2025-55733
CVE-2026-43899 RCE Electron pop-up window handlers in tabPresenter.ts
CVE-2026-43899 RCE Bypass of isValidExternalUrl security boundary via shell.openExternal(url)

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 12, 2026 at 02:20 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-8349 — Omec-Project Amf Vulnerability

CVE-2026-8349 — A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing...

vulnerabilityCVEmedium-severitycwe-119
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma

CVE-2026-8346 — D-Link DIR-816 1.10CNB05_R1B011D88210 Command Injection

CVE-2026-8346 — A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command...

vulnerabilityCVEmedium-severitycommand-injectioncwe-74cwe-77
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 2 Sigma

CVE-2026-8345 — D-Link DIR-816 1.10CNB05_R1B011D88210 Command Injection

CVE-2026-8345 — A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such...

vulnerabilityCVEmedium-severitycommand-injectioncwe-74cwe-77
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 5 Sigma