CVE-2026-22792
Published: 21 January 2026
Summary
CVE-2026-22792 is a critical-severity Improper Encoding or Escaping of Output (CWE-116) vulnerability in 5Ire 5Ire. Its CVSS base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203); ranked in the top 36.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog; a public proof-of-concept is referenced.
This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Protocol-Specific Risks risk domain.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-15 (Information Output Filtering).
Threat & Defense at a Glance
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)AI
Directly addresses unsafe HTML rendering by requiring filtering of outputs to neutralize untrusted HTML payloads like <img onerror=...> before display in the renderer.
Validates untrusted inputs to prevent injection of malicious HTML and event attributes that execute JavaScript in the renderer context.
Mandates timely remediation of flaws such as this unsafe HTML rendering vulnerability through patching to version 0.15.3 or equivalent fixes.
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
The vulnerability enables arbitrary JavaScript execution in the renderer context via unsafe HTML rendering (e.g., onerror attributes), leading to remote command execution through exposed bridge APIs, directly facilitating Exploitation for Client Execution (T1203).
NVD Description
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML (including on* event attributes) to execute in the renderer context. An attacker can inject an `<img…
more
onerror=...>` payload to run arbitrary JavaScript in the renderer, which can call exposed bridge APIs such as `window.bridge.mcpServersManager.createServer`. This enables unauthorized creation of MCP servers and lead to remote command execution. Version 0.15.3 fixes the issue.
Deeper analysisAI
CVE-2026-22792 is a high-severity vulnerability (CVSS v3.1 score of 9.6, AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H) affecting 5ire, a cross-platform desktop artificial intelligence assistant and model context protocol client, in versions prior to 0.15.3. The issue arises from unsafe HTML rendering that permits untrusted HTML, including on* event attributes, to execute arbitrary JavaScript directly in the renderer context (CWE-116).
A remote attacker can exploit this by injecting a payload such as an <img onerror=...> tag, which triggers JavaScript execution in the renderer. This allows the attacker to call exposed bridge APIs, for example window.bridge.mcpServersManager.createServer, enabling unauthorized creation of MCP servers and ultimately leading to remote command execution on the victim's machine. Exploitation requires user interaction, such as rendering malicious content, but needs no privileges.
The vulnerability is fixed in version 0.15.3 of 5ire. Security practitioners should update to this version immediately. Additional details are available in the GitHub security advisory (https://github.com/nanbingxyz/5ire/security/advisories/GHSA-p5fm-wm8g-rffx) and release notes (https://github.com/nanbingxyz/5ire/releases/tag/v0.15.3).
As an AI assistant handling model context protocols, 5ire's exposure underscores risks in desktop AI applications where renderer-process interactions can escalate to system compromise. No public evidence of real-world exploitation is noted as of the CVE publication on 2026-01-21.
Details
- CWE(s)
Affected Products
AI Security AnalysisAI
- AI Category
- AI Agent Protocols and Integrations
- Risk Domain
- Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025
- None mapped
- Classification Reason
- Matched keywords: artificial intelligence, model context protocol, mcp