CVE-2026-43899

Name of the Vulnerable Software and Affected Versions DeepChat versions prior to 1.0.4-beta.1

Description An incomplete mitigation for a previous issue allows for an arbitrary protocol execution bypass, which can lead to remote code execution (RCE). While restrictions were applied to the api.openExternal() function within the renderer's preload/index.ts script, native Electron pop-up window handlers were not sanitized. An attacker or a compromised AI endpoint can provide a Markdown link that triggers a target=" blank" native window interception in tabPresenter.ts. This process forwards the malicious URL directly to shell.openExternal(url), bypassing the isValidExternalUrl security boundary.

Recommendations Update to version 1.0.4-beta.1.