CVE-2025-66222
DeepChat · Multiple Products
Executive summary
A critical vulnerability has been identified in the DeepChat smart assistant software, rated 9.6 out of 10. This flaw allows an attacker to inject malicious code through the diagram rendering feature, which can be used to gain complete control of the underlying system. Successful exploitation could lead to data theft, malware installation, and significant operational disruption.
Vulnerability
The vulnerability is a Stored Cross-Site Scripting (XSS) flaw within the Mermaid diagram rendering engine. An attacker can craft a malicious diagram containing arbitrary JavaScript and save it within the application. When any user views this diagram, the malicious script executes within the context of the DeepChat application. Because the application is built on Electron, the script can access the exposed Inter-Process Communication (IPC) bridge, which allows it to interact with the underlying operating system. The attacker's script can leverage this bridge to register and launch a malicious Model Context Protocol (MCP) server, effectively granting them the ability to execute arbitrary commands on the victim's system and achieve Remote Code Execution (RCE).
Business impact
This vulnerability is of critical severity with a CVSS score of 9.6. Successful exploitation would result in a complete compromise of the system where the DeepChat application is running. An attacker could exfiltrate sensitive data, install ransomware, deploy spyware, or use the compromised system as a pivot point to attack other assets on the network. The business risks include intellectual property theft, financial loss, regulatory penalties, severe reputational damage, and extended operational downtime.
Remediation
Immediate Action: Immediately update all instances of DeepChat to the latest version available from the vendor, which addresses this vulnerability. After patching, review application and system access logs for any signs of suspicious activity that may indicate a prior compromise.
Proactive Monitoring: Implement enhanced monitoring to detect potential exploitation attempts. Look for unusual child processes being spawned by the DeepChat application, unexpected outbound network connections from the application process, and logs indicating the registration of unauthorized MCP servers. Security teams should create detection rules based on these indicators of compromise.
Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:
- Use an Endpoint Detection and Response (EDR) or application control solution to block the DeepChat process from spawning new command shells (e.g., cmd.exe, powershell.exe, /bin/sh).
- Restrict outbound network access from hosts running the vulnerable software, allowing connections only to known, legitimate services.
- If possible within the application, disable the rendering of Mermaid diagrams until the patch can be applied.
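The indicators named under Proactive Monitoring (unusual child processes, unexpected outbound connections) can be expressed as a triage pass over endpoint telemetry. The Python below is an added example, not part of the advisory or the vendor's material; the event schema, process image names and allowlists are assumptions, and the sample events are constructed.

```python
import json
from pathlib import PureWindowsPath

# Assumptions: image names, allowlists and the event schema are hypothetical.
APP_IMAGES = {"deepchat", "deepchat.exe"}
SHELLS = {"cmd.exe", "powershell.exe", "sh"}   # shells named in the advisory
EXPECTED_CHILDREN = {"node", "node.exe"}       # approved MCP server launchers
ALLOWED_HOSTS = {"llm-api.example.test"}       # known, legitimate services

# Constructed sample telemetry, one JSON event per line.
SAMPLE_EVENTS = r"""
{"type": "process_create", "parent_image": "C:\\Apps\\DeepChat\\DeepChat.exe", "image": "C:\\Apps\\DeepChat\\DeepChat.exe"}
{"type": "process_create", "parent_image": "C:\\Apps\\DeepChat\\DeepChat.exe", "image": "C:\\Windows\\System32\\cmd.exe"}
{"type": "process_create", "parent_image": "/opt/DeepChat/deepchat", "image": "/bin/sh"}
{"type": "process_create", "parent_image": "C:\\Apps\\DeepChat\\DeepChat.exe", "image": "C:\\Program Files\\nodejs\\node.exe"}
{"type": "process_create", "parent_image": "C:\\Apps\\DeepChat\\DeepChat.exe", "image": "C:\\Users\\Public\\updater.exe"}
{"type": "network_connect", "image": "C:\\Apps\\DeepChat\\DeepChat.exe", "dest_host": "llm-api.example.test"}
{"type": "network_connect", "image": "C:\\Apps\\DeepChat\\DeepChat.exe", "dest_host": "203.0.113.7"}
{"type": "process_create", "parent_image": "C:\\Windows\\explorer.exe", "image": "C:\\Windows\\System32\\cmd.exe"}
"""

def name_of(path):
    # PureWindowsPath splits on both "\" and "/", so one helper covers both OSes.
    return PureWindowsPath(path).name.lower()

def classify(event):
    """Return a finding label for one event, or None if it looks routine."""
    if event["type"] == "process_create":
        if name_of(event["parent_image"]) not in APP_IMAGES:
            return None
        child = name_of(event["image"])
        if child in SHELLS:
            return "shell_child"
        if child not in APP_IMAGES | EXPECTED_CHILDREN:
            return "unexpected_child"
    elif event["type"] == "network_connect":
        if name_of(event["image"]) in APP_IMAGES and event["dest_host"] not in ALLOWED_HOSTS:
            return "unexpected_outbound"
    return None

def triage(lines):
    """Parse JSON-lines telemetry and return (label, event) pairs worth review."""
    events = [json.loads(line) for line in lines.splitlines() if line.strip()]
    return [(classify(e), e) for e in events if classify(e)]

if __name__ == "__main__":
    for label, event in triage(SAMPLE_EVENTS):
        print(label, json.dumps(event))
```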
Exploitation status
Public Exploit Available: false
Analyst recommendation
Given the critical CVSS score of 9.6 and the potential for full system compromise, this vulnerability poses a severe and immediate risk to the organization. We strongly recommend that all affected DeepChat instances be updated to a patched version with the highest priority. Due to the severity and clear exploitation path, this vulnerability should be treated as if it were actively exploited. Do not wait for it to be added to the CISA KEV catalog; remediate immediately.