CVE-2026-22792
9.7
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Summary
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, an unsafe HTML rendering permits untrusted HTML (including on* event attributes) to execute in the renderer context. An attacker can inject an <img onerror=...> payload to run arbitrary JavaScript in the renderer, which can call exposed bridge APIs such as window.bridge.mcpServersManager.createServer. This enables unauthorized creation of MCP servers and lead to remote command execution. Version 0.15.3 fixes the issue.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nanbingxyz | 5ire | < 0.15.3 | affected |
Weaknesses
- CWE-116: CWE-116: Improper Encoding or Escaping of Output
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: poc
- Automatable: no
- Technical Impact: total
References
- https://github.com/nanbingxyz/5ire/security/advisories/GHSA-p5fm-wm8g-rffx
- https://github.com/nanbingxyz/5ire/releases/tag/v0.15.3
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.