CVE-2026-43899
DeepChat · DeepChat AI Platform
DeepChat contains an arbitrary protocol execution bypass allowing Remote Code Execution (RCE) via improper handling of native Electron pop-up windows.
Executive summary
A critical RCE vulnerability in DeepChat allows an attacker to execute arbitrary code via a malicious Markdown link that bypasses the platform’s security boundaries.
Vulnerability
This is an arbitrary protocol execution vulnerability stemming from the failure to sanitize native Electron pop-up window handlers. An unauthenticated attacker can trigger a shell.openExternal() call via a malformed Markdown link; because shell.openExternal() hands the URL to whatever OS-level handler is registered for its scheme, an unchecked scheme can lead to RCE.
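The defensive pattern for this class of bug is to allowlist the URL scheme before anything reaches shell.openExternal() and to deny native child-window creation outright. The block below is an added example, not DeepChat's code: the allowlist, the function names and the wiring are this example's own assumptions. It uses the real Electron APIs webContents.setWindowOpenHandler and the will-navigate event, but takes the window and shell objects as parameters so the policy itself can be exercised in plain Node without Electron installed.

```javascript
// Added example (not DeepChat's code): scheme allowlisting in front of
// shell.openExternal(). Only Node's global URL class is used, so the policy
// functions run and can be unit-tested without the electron module.

// Assumed policy: only these schemes may ever be handed to the OS.
const ALLOWED_PROTOCOLS = new Set(['http:', 'https:', 'mailto:']);

// Returns true only for a well-formed URL whose scheme is on the allowlist.
// Anything unparsable, or any other scheme (file:, javascript:, custom
// protocol handlers), is rejected before it can reach the OS.
function isSafeExternalUrl(rawUrl) {
  let parsed;
  try {
    parsed = new URL(String(rawUrl));
  } catch {
    return false; // malformed input is never passed through
  }
  if (!ALLOWED_PROTOCOLS.has(parsed.protocol)) return false;
  // http(s) links must name a host; an empty host is not a real web target.
  if (parsed.protocol !== 'mailto:' && parsed.hostname === '') return false;
  return true;
}

// What a setWindowOpenHandler callback should return for a requested URL.
// The renderer is never allowed to spawn a native window ('deny'); an
// allowlisted URL is opened through the injected openExternal callback.
function decideWindowOpen(url, openExternal) {
  if (isSafeExternalUrl(url)) {
    openExternal(url);
  }
  return { action: 'deny' };
}

// Wire the policy onto a BrowserWindow. `win` and `shell` are passed in
// (assumed to be Electron's BrowserWindow and shell objects) so this file
// does not need Electron at load time.
function hardenWindow(win, shell) {
  win.webContents.setWindowOpenHandler(({ url }) =>
    decideWindowOpen(url, (u) => { shell.openExternal(u); })
  );
  // Also block in-place navigation of the app window to non-allowlisted URLs.
  win.webContents.on('will-navigate', (event, url) => {
    if (!isSafeExternalUrl(url)) event.preventDefault();
  });
}

// Stand-alone demonstration of the policy decisions on constructed inputs.
function demo() {
  const opened = [];
  const samples = [
    'https://example.com/docs',
    'file:///etc/passwd',
    'javascript:alert(1)',
    'not a url',
  ];
  for (const s of samples) {
    decideWindowOpen(s, (u) => opened.push(u));
  }
  return opened; // only the https link is ever handed to the OS
}
```

The key design choice is that the handler returns `{ action: 'deny' }` unconditionally: the decision to open something is made by the main process against an explicit allowlist, and the renderer never gets a native window of its own. Logging rejected URLs at the point of denial gives defenders the detection signal described under proactive monitoring.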
Business impact
This vulnerability allows for full system compromise, providing attackers with the ability to execute arbitrary commands on the host machine. With a CVSS score of 9.6, this is a critical threat that could lead to complete data exfiltration and loss of control over the affected system.
Remediation
Immediate Action: Upgrade to DeepChat version 1.0.4-beta.1 or later to apply the necessary security boundary fixes.
Proactive Monitoring: Review system logs for unusual external process execution and monitor for unexpected spawned child processes originating from the application.
Compensating Controls: Restrict the application’s ability to spawn external processes or open external URLs using OS-level sandboxing or egress filtering.
Exploitation status
Public Exploit Available: false
Analyst recommendation
The severity of this RCE vulnerability necessitates immediate remediation. Administrators should ensure that all instances of the DeepChat platform are updated to the patched version to prevent remote code execution attacks.