CVE-2026-22793 is a critical vulnerability classified under CWE-94 (Improper Control of Generation of Code) found in the nanbingxyz 5ire application, a cross-platform AI assistant and model context protocol client. The vulnerability arises from unsafe option parsing in the ECharts Markdown plugin used by 5ire versions prior to 0.15.3. Specifically, the plugin allows users to submit ECharts code blocks that contain JavaScript, which is executed in the renderer context without proper sanitization or validation. Because 5ire is built on Electron, if privileged APIs such as electron.mcp are exposed, this JavaScript execution can escalate to remote code execution (RCE) on the host system. This means an attacker who can submit malicious ECharts code can execute arbitrary code with the privileges of the 5ire application, potentially compromising the entire host. The vulnerability requires user interaction (submitting or rendering malicious content) but no prior authentication, making it exploitable in scenarios where untrusted users can influence content rendered by 5ire. The CVSS v3.1 score is 9.7 (critical), reflecting the high impact on confidentiality, integrity, and availability, ease of exploitation (network vector, low complexity), and scope change (compromise of the host system). The vulnerability was publicly disclosed on January 21, 2026, and patched in version 0.15.3 of 5ire. No known exploits have been reported in the wild yet. The vulnerability highlights the risks of executing user-supplied code in Electron-based applications without strict sanitization and the dangers of exposing privileged APIs to renderer processes.

For European organizations, this vulnerability poses a severe risk, especially for those deploying 5ire as an AI assistant in enterprise environments. Successful exploitation can lead to full system compromise, allowing attackers to steal sensitive data, deploy malware, or disrupt operations. Sectors such as finance, healthcare, government, and critical infrastructure are particularly vulnerable due to the potential for data breaches and operational disruption. The cross-platform nature of 5ire means both Windows and Linux systems could be affected, broadening the attack surface. The requirement for user interaction means phishing or social engineering could be used to trigger the exploit. Given the high CVSS score and potential for complete host takeover, the impact on confidentiality, integrity, and availability is critical. This could lead to regulatory repercussions under GDPR if personal data is compromised, as well as reputational damage and financial losses.

1. Immediately upgrade all instances of nanbingxyz 5ire to version 0.15.3 or later, which contains the patch for this vulnerability. 2. Restrict the ability of untrusted users to submit or render ECharts code blocks within 5ire, implementing strict input validation and sanitization. 3. Review and minimize exposure of privileged Electron APIs such as electron.mcp in the renderer context; consider applying context isolation and disabling Node.js integration where possible. 4. Employ application-level sandboxing and use Electron’s security best practices, including enabling Content Security Policy (CSP) to restrict script execution. 5. Monitor logs and network traffic for suspicious activity related to ECharts rendering or unexpected JavaScript execution. 6. Educate users about the risks of interacting with untrusted content within 5ire and implement phishing awareness training. 7. For organizations with custom deployments, conduct code audits to ensure no other plugins or components allow unsafe code execution. 8. Maintain up-to-date backups and incident response plans in case of compromise.