CVE-2026-22793

Critical CVSS: 9.6

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs (such as Electron’s electron.mcp) are exposed, resulting in full compromise of the host system. Version 0.15.3 patches the issue.

Vendor

5ire

Product

5ire

CWE

CWE-94

Yayın Tarihi

2026-01-21 21:16:10

Güncelleme

2026-01-29 19:58:16

Source Identifier

security-advisories@github.com

KEV Date Added

Kategoriler

CWE-94 5ire CRITICAL 5ire 2026

Referanslar

https://github.com/nanbingxyz/5ire/releases/tag/v0.15.3 https://github.com/nanbingxyz/5ire/security/advisories/GHSA-wg3x-7c26-97wj

Benzer Kayıtlar

Critical

CVE-2026-22792

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0…

Critical

CVE-2025-68669

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2…

Critical

CVE-2025-58357

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Version 0.13.2 con…

Critical

CVE-2025-47777

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions prior to…