{"data":{"id":"cc390603-b49a-46fb-830a-d9f7488798fe","title":"CVE-2026-43899: DeepChat is an open-source artificial intelligence agent platform that unifies models, tools, and agents. Prior to v1.0.","summary":"DeepChat, an open-source AI platform combining models, tools, and agents, has a vulnerability in versions before v1.0.4-beta.1 that allows remote code execution (RCE, where an attacker can run commands on a system they don't own). An attacker can use a malicious link in Markdown or a compromised AI endpoint to bypass security checks and execute arbitrary commands by exploiting unprotected pop-up window handlers in the application.","solution":"Update DeepChat to v1.0.4-beta.1 or later, where this vulnerability is fixed.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2026-43899","publishedAt":"2026-05-11T23:20:21.410Z","cveId":"CVE-2026-43899","cweIds":["CWE-20"],"cvssScore":"9.6","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["DeepChat"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H","attackVector":"network","attackComplexity":"low","privilegesRequired":"none","userInteraction":"required","exploitMaturity":"unknown","epssScore":0,"patchAvailable":null,"disclosureDate":"2026-05-11T23:20:21.410Z","capecIds":null,"crossRefCount":0,"attackSophistication":"moderate","impactType":["integrity","availability"],"aiComponentTargeted":"agent","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}