Mermaid's Song: From Flowchart to Remote Code Execution in LobeChat
Vulnerability ID: CVE-2026-23733
CVSS Score: 6.4
Published: 2026-01-20
A stored Cross-Site Scripting (XSS) vulnerability in LobeChat's Mermaid diagram renderer lets an attacker who can place content in a chat execute arbitrary JavaScript in the victim's session. In the desktop Electron build, that script can reach an exposed IPC bridge, escalating the XSS to full Remote Code Execution (RCE) on the victim's machine.
TL;DR
LobeChat passed user-supplied text into the Mermaid renderer without sanitization. By injecting HTML into a diagram node label, an attacker triggers XSS when the diagram is rendered. In the Electron app, the injected script can call a privileged 'runCommand' IPC API to launch arbitrary system binaries on the victim's machine; calc.exe is the harmless demonstration, but any program the user can run is reachable.
⚠️ Exploit Status: POC
Technical Details
- CWE ID: CWE-94
- Attack Vector: Local (via Chat Content)
- CVSS Score: 6.4 (Medium)
- EPSS Score: 0.00078
- Impact: Remote Code Execution (RCE)
- Exploit Status: PoC Available
- Platform: Electron / Node.js
Affected Systems
- LobeChat Desktop (Windows)
- LobeChat Desktop (macOS)
- LobeChat Desktop (Linux)
- LobeChat Web (XSS only)
- LobeChat: < 2.0.0-next.180 (fixed in 2.0.0-next.180)
Exploit Details
- GitHub Security Advisory: Official advisory containing the PoC payload.
Mitigation Strategies
- Input Sanitization: Strip or HTML-encode markup in Mermaid definitions (node labels in particular) before the text reaches the renderer.
- Library Configuration: Set Mermaid's securityLevel to 'strict', which encodes HTML tags in labels and disables click handlers; 'loose' renders raw HTML in labels and is the setting that makes label injection exploitable.
- IPC Hardening: Remove generic 'runCommand' endpoints. Expose only a closed set of named, parameterized actions, and validate each action's parameters in the main process rather than letting the renderer choose a program or shell string.
Remediation Steps:
- Upgrade LobeChat to version 2.0.0-next.180 or later immediately.
- If you cannot upgrade, disable the Mermaid artifact plugin if possible.
- For developers: Review what the preload script exposes through contextBridge and remove any bridge that executes a renderer-supplied command.
References
Read the full report for CVE-2026-23733 on our website for more details including interactive diagrams and full exploit analysis.