exploitDog

CVE-2026-23733

Published: 18 Jan 2026
Source: nvd
CVSS3: 6.4
EPSS: Low

Description

LobeChat is an open source chat application platform. Prior to version 2.0.0-next.180, a stored Cross-Site Scripting (XSS) vulnerability in the Mermaid artifact renderer allows attackers to execute arbitrary JavaScript within the application context. This XSS can be escalated to Remote Code Execution (RCE) by leveraging the exposed electronAPI IPC bridge, allowing attackers to run arbitrary system commands on the victim's machine. Version 2.0.0-next.180 patches the issue.

EPSS

Percentile: 25%
0.00084
Low

6.4 Medium

CVSS3

Weaknesses

CWE-94

Related vulnerabilities

CVSS3: 9.6
github
18 days ago

Lobe Chat affected by Cross-Site Scripting(XSS) that can escalate to Remote Code Execution(RCE)
