cvedb.io
CVE-2026-22793
CRITICAL · CVSS 9.6
EPSS exploitation probability: 0%
Published 2026-01-21T21:16:10.107 · Last modified 2026-06-17T10:20:26.300

Summary

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs (such as Electron’s electron.mcp) are exposed, resulting in full compromise of the host system. Version 0.15.3 patches the issue.

Affected products

5ire — 5ire

Does this affect you?

Add your gear to cvedb and we'll alert you only when 5ire ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.