🚨 BREAKING

CVE-2026-43900: DeepChat XSS Bypass Threatens AI Implementations

/CRITICAL /CVSS 9.3/10
Written by SCW Vulnerability Desk Vulnerability Intelligence
SCW vulnerabilitycvecriticalhigh-severitycross-site-scripting-xsscwe-79
CVE-2026-43900: DeepChat XSS Bypass Threatens AI Implementations

The National Vulnerability Database has issued a critical alert for CVE-2026-43900, affecting DeepChat, an open-source AI agent platform. This Cross-Site Scripting (XSS) vulnerability, rated 9.3 (CRITICAL), stems from a mismatch in validation logic: the backend’s SVG sanitizer (src/main/lib/svgSanitizer.ts) attempts to block javascript: protocols using plain-text regex, but fails to account for HTML entity decoding before Vue’s v-html DOM insertion in the SvgArtifact.vue component.

Attackers can exploit this by injecting SVG artifacts with obfuscated entities (e.g., javascript:alert(1)). This completely bypasses the sanitizer, leading to arbitrary JavaScript execution when a victim interacts with the rendered SVG element. The impact is significant: compromise of user sessions, data exfiltration, or further client-side attacks are all on the table. The vulnerability is fixed in DeepChat v1.0.4-beta.1.

This isn’t just about a single product; it highlights a recurring flaw in security engineering. Relying solely on regex for sanitization, especially without prior HTML entity decoding, is a rookie mistake that continues to plague applications. The attacker’s calculus here is simple: find a parsing discrepancy and weaponize it. Defenders need to assume such bypasses exist and build more robust, multi-layered input validation and sanitization. This vulnerability is a stark reminder that even open-source projects, often assumed to be more secure due to community scrutiny, can harbor critical design flaws.

What This Means For You

  • If your organization integrates DeepChat, you need to verify its version immediately. Prior to v1.0.4-beta.1, your users are exposed to critical XSS. Patch to the latest version and audit any DeepChat implementations for suspicious SVG artifacts or unusual client-side activity.

Related ATT&CK Techniques

T1190 Exploit Public-Facing Application Initial Access T1566.002 Cross-Site Scripting Initial Access

🛡️ Detection Rules

3 rules · 6 SIEM formats

3 detection rules auto-generated for this incident, mapped to MITRE ATT&CK. Sigma YAML is free — export to any SIEM format via the Intel Bot.

critical T1190 Initial Access

CVE-2026-43900: DeepChat SVG XSS Bypass via Obfuscated Entities

Sigma YAML — free preview 
title: CVE-2026-43900: DeepChat SVG XSS Bypass via Obfuscated Entities
id: scw-2026-05-11-ai-1
status: experimental
level: critical
description: |
  Detects attempts to exploit CVE-2026-43900 by identifying requests to the DeepChat upload API containing SVG data with obfuscated 'javascript:' protocols, indicating a potential XSS bypass attempt.
author: SCW Feed Engine (AI-generated)
date: 2026-05-11
references:
  - https://shimiscyberworld.com/posts/nvd-CVE-2026-43900/
tags:
  - attack.initial_access
  - attack.t1190
logsource:
    category: webserver
detection:
  selection:
      cs-uri|contains:
          - '/api/chat/upload'
      cs-uri-query|contains:
          - 'data:image/svg+xml'
      cs-uri-query|contains:
          - 'javascript:'
      cs-uri-query|contains:
          - 'avascript:'
      cs-uri-query|contains:
          - 'Avascript:'
      cs-uri-query|contains:
          - 'Avascript:'
      cs-uri-query|contains:
          - 'javascript:'
      cs-uri-query|contains:
          - 'Query'
      cs-uri-query|contains:
          - 'Query'
  condition: selection
falsepositives:
  - Legitimate administrative activity

Source: Shimi's Cyber World · License & reuse

✓ Sigma · Splunk SPL Sentinel KQL Elastic QRadar AQL Wazuh Get rules for your SIEM →

Indicators of Compromise

IDTypeIndicator
CVE-2026-43900 XSS DeepChat < v1.0.4-beta.1
CVE-2026-43900 XSS DeepChat component: src/main/lib/svgSanitizer.ts
CVE-2026-43900 XSS DeepChat component: SvgArtifact.vue
CVE-2026-43900 XSS Attack vector: HTML entity encoding bypass (e.g., javascript:alert(1)) in SVG artifact

Written by SCW Vulnerability Desk

Source & Attribution
Source PlatformNVD
ChannelNational Vulnerability Database
PublishedMay 12, 2026 at 02:20 UTC

This content was AI-rewritten and enriched by Shimi's Cyber World based on the original source. All intellectual property rights remain with the original author.

Believe this infringes your rights? Submit a takedown request.

Related coverage

CVE-2026-8349 — Omec-Project Amf Vulnerability

CVE-2026-8349 — A flaw has been found in omec-project amf up to 2.1.1. This vulnerability affects unknown code of the component NGAP Message Handler. Executing...

vulnerabilityCVEmedium-severitycwe-119
/SCW Vulnerability Desk /MEDIUM /4.3 /⚑ 2 IOCs /⚙ 2 Sigma

CVE-2026-8346 — D-Link DIR-816 1.10CNB05_R1B011D88210 Command Injection

CVE-2026-8346 — A vulnerability was detected in D-Link DIR-816 1.10CNB05_R1B011D88210. This affects the function portForward. Performing a manipulation of the argument ip_address results in command...

vulnerabilityCVEmedium-severitycommand-injectioncwe-74cwe-77
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 2 Sigma

CVE-2026-8345 — D-Link DIR-816 1.10CNB05_R1B011D88210 Command Injection

CVE-2026-8345 — A security vulnerability has been detected in D-Link DIR-816 1.10CNB05_R1B011D88210. Affected by this issue is the function sub_445E7C of the file /goform/singlePortForward. Such...

vulnerabilityCVEmedium-severitycommand-injectioncwe-74cwe-77
/SCW Vulnerability Desk /MEDIUM /6.3 /⚑ 3 IOCs /⚙ 5 Sigma