CVE-2026-22792: CWE-116: Improper Encoding or Escaping of Output in nanbingxyz 5ire
5ire is a cross-platform desktop artificial intelligence assistant and model context protocol client. Prior to version 0.15.3, unsafe HTML rendering permits untrusted HTML (including on* event attributes) to execute in the renderer context. An attacker can inject an `<img onerror=...>` payload to run arbitrary JavaScript in the renderer, which can call exposed bridge APIs such as `window.bridge.mcpServersManager.createServer`. This enables unauthorized creation of MCP servers and can lead to remote command execution. Version 0.15.3 fixes the issue.
AI Analysis
Technical Summary
CVE-2026-22792 is a critical security vulnerability classified under CWE-116 (Improper Encoding or Escaping of Output) affecting nanbingxyz's 5ire, a cross-platform desktop AI assistant and model context protocol client. Versions prior to 0.15.3 improperly handle HTML rendering in the application’s renderer context, allowing untrusted HTML content to execute scripts. Specifically, the vulnerability arises because the renderer permits unsafe HTML including event handler attributes such as `onerror` in `<img>` tags. An attacker can craft a payload like `<img onerror=...>` that executes arbitrary JavaScript within the renderer process. This JavaScript can invoke exposed bridge APIs, for example, `window.bridge.mcpServersManager.createServer`, enabling unauthorized creation of MCP servers. Such capability can escalate to remote command execution on the host system. The vulnerability requires user interaction (e.g., viewing malicious content) but does not require prior authentication, making it accessible to remote attackers. The flaw impacts confidentiality, integrity, and availability by allowing arbitrary code execution and control over application functions. The issue was publicly disclosed on January 21, 2026, with a CVSS v3.1 score of 9.7 (critical), reflecting its high exploitability and severe impact. The vendor fixed the vulnerability in version 0.15.3 by properly sanitizing and escaping HTML output to prevent script execution. No known exploits in the wild have been reported yet, but the severity and ease of exploitation make it a significant threat. Organizations using affected versions should prioritize upgrading and review content rendering policies to mitigate risk.
Potential Impact
For European organizations, this vulnerability poses a severe risk due to the potential for remote code execution without authentication, which can lead to full compromise of affected systems. Confidentiality is at risk as attackers can execute arbitrary scripts that may access sensitive data. Integrity is compromised because attackers can manipulate application behavior, including unauthorized creation of MCP servers, potentially enabling further lateral movement or persistence. Availability may be impacted if attackers disrupt services or execute destructive commands. Organizations relying on 5ire for AI assistance or model context management could face operational disruptions, data breaches, and reputational damage. The cross-platform nature of 5ire means both Windows and Linux endpoints in enterprises are vulnerable. Given the critical CVSS score and the possibility of user interaction via malicious content, phishing or social engineering campaigns could be used to trigger exploitation. The lack of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for remediation. European sectors with high AI adoption, including finance, technology, and research institutions, are particularly at risk due to their reliance on such tools and the sensitivity of their data.
Mitigation Recommendations
1. Immediate upgrade of all 5ire installations to version 0.15.3 or later to apply the official fix.
2. Implement strict content security policies (CSP) to restrict execution of untrusted scripts within the application context.
3. Disable or limit the use of bridge APIs exposed to the renderer process unless absolutely necessary, applying the principle of least privilege.
4. Educate users about the risks of interacting with untrusted or unsolicited content within the 5ire application to reduce the likelihood of triggering the vulnerability.
5. Monitor network and application logs for suspicious activity related to MCP server creation or unusual API calls.
6. Employ endpoint detection and response (EDR) solutions to detect anomalous behavior indicative of exploitation attempts.
7. If upgrading immediately is not feasible, consider isolating 5ire usage to controlled environments or sandboxed sessions to limit impact.
8. Regularly review and audit third-party integrations and plugins within 5ire that might expose additional attack surfaces.
9. Coordinate with internal security teams to incorporate this vulnerability into threat hunting and incident response plans.
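The two defensive layers discussed in the Technical Summary and in recommendation 3 (encoding untrusted output before it is rendered, and limiting what the renderer-facing bridge will do), as an added example that is not 5ire's code or its 0.15.3 fix. Only `window.bridge.mcpServersManager.createServer` comes from the advisory; the request shape `{name, command, args}`, the `confirm`/`audit` callbacks and all other names are assumptions.

```javascript
// Added example. Request shape and all helper names are hypothetical.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Layer 1 (CWE-116): encode untrusted text before it is placed into markup,
// so tags and on* attributes reach the renderer as inert text.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

function renderMessage(untrusted) {
  return `<div class="message">${escapeHtml(untrusted)}</div>`;
}

// Layer 2 (least privilege): the object exposed to the renderer forwards
// createServer only after a decision taken outside the renderer (confirm)
// and records every attempt (audit). Both callbacks belong to the privileged process.
function createGuardedBridge(manager, { confirm, audit }) {
  function createServer(request) {
    // Normalise first, so the values shown for approval are the values executed.
    const server = Object.freeze({
      name: String(request?.name ?? ''),
      command: String(request?.command ?? ''),
      args: Object.freeze(Array.isArray(request?.args) ? request.args.map(String) : []),
    });
    const approved = confirm(server) === true;
    audit({ action: 'createServer', approved, ...server });
    if (!approved) throw new Error('createServer denied: not approved by the user');
    return manager.createServer(server);
  }
  return Object.freeze({ mcpServersManager: Object.freeze({ createServer }) });
}

// Constructed demo: a stub manager, a policy that denies every request, and
// message text of the form quoted in the advisory.
function demo() {
  const created = [];
  const log = [];
  const bridge = createGuardedBridge(
    { createServer: (s) => { created.push(s); return s.name; } },
    { confirm: () => false, audit: (entry) => log.push(entry) },
  );
  let denied = false;
  try { bridge.mcpServersManager.createServer({ name: 'x', command: 'example-cmd' }); }
  catch { denied = true; }
  return { html: renderMessage('<img onerror=...>'), denied, created, log };
}
```

The audit entries also give recommendation 5 something concrete to monitor: a `createServer` attempt with `approved: false` is a request the user never authorised.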
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Finland, Denmark, Ireland, Belgium, Switzerland
Technical Details
- Data Version: 5.2
- Assigner Short Name: GitHub_M
- Date Reserved: 2026-01-09T18:27:19.389Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 69713fb64623b1157cec0b3f
Added to database: 1/21/2026, 9:05:58 PM
Last enriched: 1/21/2026, 9:20:19 PM
Last updated: 1/21/2026, 10:11:43 PM