CNNVD-202601-3346 Information
CNNVD ID
CNNVD-202601-3346
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
5ire是Ironben个人开发者的一个跨平台的桌面AI助手。 5ire 0.15.3之前版本存在代码注入漏洞,该漏洞源于ECharts Markdown插件中存在不安全的选项解析,可能导致能够提交ECharts代码块的用户执行任意JavaScript代码,进而实现远程代码执行。
Description (English)
5re is a cross-platform desktop AI assistant to the Ironben personal developer. The code-injection gap in the pre-5ire 0.15.3 version, which stems from an unsafe option resolution in the ECharts Markdown plugin, could lead to the submission of an EChart code block to users to perform any JavaScript code and thus to remote code execution.
Hazard Level
Low
Vulnerability Type
代码注入
Affected Vendor
个人开发者
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/nanbingxyz/5ire/releases/tag/v0.15.3 https://github.com/nanbingxyz/5ire/security/advisories/GHSA-wg3x-7c26-97wj https://access.redhat.com/security/cve/cve-2026-22793
Patch
https://github.com/nanbingxyz/5ire/releases
Share on: