PT-2026-3864 · 5Ire · 5Ire+1
C2An1
·
Published
2026-01-21
·
Updated
2026-01-22
·
CVE-2026-22793
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
5ire versions prior to 0.15.3
Description
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A flaw in the ECharts Markdown plugin allows any user capable of submitting ECharts code blocks to execute arbitrary JavaScript code within the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs are accessible, potentially resulting in full compromise of the host system. The issue stems from an unsafe option parsing mechanism within the ECharts Markdown plugin.
Recommendations
Update to version 0.15.3 to address the issue.
Exploit
Fix
RCE
Code Injection
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
5Ire
Echarts Markdown Plugin