Description

DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior.

PUBLISHED Reserved 2025-02-07 | Published 2025-09-03 | Updated 2025-09-08 | Assigner mitre

References

hackmd.io/@MrqrFIlhQFi7vUwkqbrXDw/deepseek

youtu.be/IgQwy52FVT4

deepseek.com

cve.org (CVE-2025-26210)

nvd.nist.gov (CVE-2025-26210)