Vulnerability Details CVE-2025-26210
DeepSeek R1 through V3.1 allows XSS, as demonstrated by JavaScript execution in the context of the run-html-chat.deepseeksvc.com domain. NOTE: some third parties have indicated that this is intended behavior.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.4%
CVSS Severity
CVSS v3 Score 8.8
References
Products affected by CVE-2025-26210
-
cpe:2.3:a:deepseek:deepseek-r1:1.0
-
cpe:2.3:a:deepseek:deepseek-v2:-
-
cpe:2.3:a:deepseek:deepseek-v3:1.0