CNNVD-202601-3348 Information
CNNVD ID
CNNVD-202601-3348
Related CVE
- CNNVD Published: 2026-01-21
Description (Chinese)
5ire是Ironben个人开发者的一个跨平台的桌面AI助手。 5ire 0.15.3之前版本存在安全漏洞,该漏洞源于不安全的HTML渲染允许不受信任的HTML执行,可能导致攻击者注入恶意载荷执行任意JavaScript,进而实现远程命令执行。
Description (English)
5re is a cross-platform desktop AI assistant to the Ironben personal developer. A security loophole in the pre-5ire 0.15.3 version, which stems from the unsafe HTML rendering allowing untrustworthy HTML execution, could result in the assailant being injected into a malicious payload to carry out arbitrary JavaScript, thus achieving remote command enforcement.
Hazard Level
Low
Vulnerability Type
其他
Affected Vendor
个人开发者
Published
2026-01-21
Last Modified
2026-02-24
References
https://github.com/nanbingxyz/5ire/security/advisories/GHSA-p5fm-wm8g-rffx https://github.com/nanbingxyz/5ire/releases/tag/v0.15.3 https://access.redhat.com/security/cve/cve-2026-22792
Patch
https://github.com/nanbingxyz/5ire/releases
Share on: