CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

CVE-2026-22793 5ire vulnerable to Remote Code Execution (RCE) via ECharts

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe option parsing vulnerability in the ECharts Markdown plugin allows any user able to submit ECharts code blocks to execute arbitrary JavaScript code in the...

CVE-2026-22792 5ire vulnerable to Remote Code Execution (RCE)

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML including on event attributes to execute in the renderer context. An attacker can inject an payload to run arbitrary...

CVE-2025-68669

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits...

CVE-2025-68669 5ire vulnerable to Remote Code Execution (RCE) via mermaid

5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. In versions 0.15.2 and prior, an RCE vulnerability exists in useMarkdown.ts, where the markdown-it-mermaid plugin is initialized with securityLevel: 'loose'. This configuration explicitly permits...

PT-2025-52863

Name of the Vulnerable Software and Affected Versions 5ire versions 0.15.2 and prior Description 5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. A remote code execution issue exists in the useMarkdown.ts file due to the markdown-it-mermaid...

5ire 跨站脚本漏洞

5ire is a cross-platform desktop AI assistant from the individual developers at Ironben. A cross-site scripting vulnerability exists in 5ire 0.15.2 and earlier versions, which stems from a misconfiguration of the markdown-it-mermaid plugin security that could lead to remote code execution...

5ire 跨站脚本漏洞

5ire is a cross-platform desktop AI assistant from the individual developer Ironben. A cross-site scripting vulnerability exists in 5ire version 0.13.2, which stems from content injection in the chat page script widget...

5ire 输入验证错误漏洞

5ire is a cross-platform desktop AI assistant from the individual developers at Ironben. An input validation error vulnerability exists in versions prior to 5ire 0.11.1, which stems from insufficient cleanup leading to stored cross-site scripting that could lead to remote code execution via...