Unrated severityOSV Advisory· Published Jan 21, 2026· Updated Jan 21, 2026

5ire vulnerable to Remote Code Execution (RCE) via ECharts

CVE-2026-22793

Description

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the renderer context. This can lead to Remote Code Execution (RCE) in environments where privileged APIs (such as Electron’s electron.mcp) are exposed, resulting in full compromise of the host system. Version 0.15.3 patches the issue.

Affected products

Nanbingxyz/5ireOSV
Range: v0.10.1, v0.11.0, v0.11.1, …

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/nanbingxyz/5ire/releases/tag/v0.15.3mitrex_refsource_MISC
github.com/nanbingxyz/5ire/security/advisories/GHSA-wg3x-7c26-97wjmitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000