CVE-2026-22793
Published: 21 January 2026
Summary
CVE-2026-22793 is a critical-severity Code Injection (CWE-94) vulnerability in 5ire, a cross-platform desktop AI assistant and Model Context Protocol (MCP) client, affecting versions prior to 0.15.3. Its CVSS v3.1 base score is 9.6 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploitation for Client Execution (T1203). It is ranked in the top 42.7% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
This vulnerability is AI-related: it is categorised under AI Agent Protocols and Integrations, within the Protocol-Specific Risks domain.
The strongest mitigations our analysis identified are NIST 800-53 SC-18 (Mobile Code) and SI-10 (Information Input Validation), in addition to updating to the patched release 0.15.3.
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5)
- Patch to version 0.15.3: directly mitigates the vulnerability by applying the fix for the unsafe option parsing in the ECharts Markdown plugin.
- SI-10 (Information Input Validation): requires validation of user-submitted ECharts code blocks so that option parsing cannot be used to inject arbitrary JavaScript.
- SC-18 (Mobile Code): restricts execution of user-submitted ECharts content, treated as mobile code, in the renderer context.
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables arbitrary JavaScript execution in the Electron renderer through unsafe parsing of ECharts options in Markdown. That directly matches Exploitation for Client Execution (T1203) and Command and Scripting Interpreter: JavaScript (T1059.007), with escalation to RCE wherever privileged APIs are exposed to the renderer.
NVD Description
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs (such as Electron’s electron.mcp) are exposed, resulting in full compromise of the host system. Version 0.15.3 patches the issue.
Deeper analysis
CVE-2026-22793 is an unsafe option parsing vulnerability in the ECharts Markdown plugin of 5ire, a cross-platform desktop artificial intelligence assistant and model context protocol client. Versions of 5ire prior to 0.15.3 are affected, enabling attackers to execute arbitrary JavaScript code in the renderer context when malicious ECharts code blocks are submitted. This issue is classified under CWE-94 (Improper Control of Generation of Code) with a CVSS v3.1 base score of 9.6 (AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H).
Any user capable of submitting ECharts code blocks—such as through shared documents, chats, or inputs processed by 5ire—can exploit the vulnerability. Successful exploitation allows arbitrary JavaScript execution in the renderer process, potentially escalating to remote code execution (RCE) in Electron-based environments where privileged APIs like electron.mcp are exposed, resulting in full compromise of the host system including high confidentiality, integrity, and availability impacts.
Version 0.15.3 of 5ire patches the vulnerability by addressing the unsafe option parsing. Security practitioners should update to this version immediately. Additional details are available in the GitHub release notes at https://github.com/nanbingxyz/5ire/releases/tag/v0.15.3 and the security advisory at https://github.com/nanbingxyz/5ire/security/advisories/GHSA-wg3x-7c26-97wj.
This vulnerability underscores security risks in AI desktop applications leveraging web rendering components like ECharts and Electron, where user-submitted content can bridge to system-level access. No public evidence of real-world exploitation has been reported as of the CVE publication on 2026-01-21.
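As an added illustration (not 5ire's code and not the actual patch), the JavaScript below contrasts a hypothetical unsafe option parser, which evaluates the fenced code block as a JavaScript expression, with a hardened JSON-only parser that validates the parsed tree. It shows the pattern behind the injection described in the analysis and the kind of input validation that SI-10 calls for. The privilegedSink object stands in for an exposed bridge such as electron.mcp, and all three sample blocks are constructed for the example.

```javascript
// Added example, not code from 5ire. It contrasts an unsafe "evaluate the
// fenced block as a JavaScript expression" parser with a JSON-only parser that
// validates the resulting object tree. The privileged sink and the sample
// blocks are constructed for this example.

// Stand-in for a privileged bridge reachable from the renderer (the advisory
// names electron.mcp). Placed on globalThis because new Function() bodies run
// in global scope, just as page script would in a real renderer.
globalThis.privilegedSink = { calls: [] };

// UNSAFE pattern (hypothetical): accepting a JS literal so chart authors can
// embed formatter callbacks. Any expression in the block runs with the
// renderer's privileges.
function parseOptionUnsafe(src) {
  return new Function('return (' + src + ');')();
}

// HARDENED pattern: strict JSON, then a structural check of the parsed tree.
const MAX_DEPTH = 32;
const FORBIDDEN_KEYS = new Set(['__proto__', 'constructor', 'prototype']);

function validateTree(node, depth) {
  if (depth > MAX_DEPTH) throw new Error('option nested too deeply');
  if (typeof node === 'function') throw new Error('functions are not allowed');
  if (node === null || typeof node !== 'object') return; // primitive leaf
  for (const key of Object.keys(node)) {
    if (FORBIDDEN_KEYS.has(key)) throw new Error('forbidden key: ' + key);
    validateTree(node[key], depth + 1);
  }
}

function parseOptionSafe(src) {
  let opt;
  try {
    opt = JSON.parse(src); // never evaluates code, never yields functions
  } catch (e) {
    throw new Error('ECharts option must be strict JSON: ' + e.message);
  }
  if (opt === null || typeof opt !== 'object' || Array.isArray(opt)) {
    throw new Error('ECharts option must be a JSON object');
  }
  validateTree(opt, 0);
  return opt;
}

// Constructed sample: a benign bar chart, valid both as JSON and as a JS literal.
const BENIGN_BLOCK =
  '{"xAxis":{"type":"category","data":["a","b"]},' +
  '"yAxis":{"type":"value"},"series":[{"type":"bar","data":[1,2]}]}';

// Constructed sample: looks like a chart option but is an IIFE that touches the
// privileged bridge, then returns a plausible option so the chart still renders.
const MALICIOUS_BLOCK =
  '(function () { globalThis.privilegedSink.calls.push("exec:whoami");' +
  ' return { series: [] }; })()';

// Constructed sample: valid JSON, but an own "__proto__" key that a naive
// deep-merge into chart defaults could turn into prototype pollution.
const PROTO_BLOCK = '{"series":[],"__proto__":{"polluted":true}}';

// Runs each sample through both parsers and reports what happened.
function compareParsers() {
  globalThis.privilegedSink.calls.length = 0;
  const report = {};

  parseOptionUnsafe(MALICIOUS_BLOCK); // the payload's side effect lands in the sink
  report.unsafeExecutedPayload =
    globalThis.privilegedSink.calls.includes('exec:whoami');

  report.safeRejectedPayload = false;
  try { parseOptionSafe(MALICIOUS_BLOCK); } catch (e) { report.safeRejectedPayload = true; }

  report.safeRejectedProto = false;
  try { parseOptionSafe(PROTO_BLOCK); } catch (e) { report.safeRejectedProto = true; }

  report.safeAcceptedBenign = parseOptionSafe(BENIGN_BLOCK).series[0].type === 'bar';
  return report;
}

console.log(compareParsers());
```

Run it with node. The JSON-only parser deliberately removes the ability to embed callbacks; if a chart plugin needs formatter behaviour, express it as data (for example a template string) that trusted code interprets. Rejecting code at parse time is a complement to, not a substitute for, renderer hardening: keep contextIsolation enabled and do not expose privileged IPC to a window that renders untrusted Markdown, since that exposure is what turns renderer-level JavaScript into host compromise in the advisory.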
Details
- CWE(s): CWE-94 (Improper Control of Generation of Code)
- Affected Products: 5ire prior to version 0.15.3 (fixed in 0.15.3)
AI Security Analysis
- AI Category: AI Agent Protocols and Integrations
- Risk Domain: Protocol-Specific Risks
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: artificial intelligence, model context protocol, mcp