CVE-2026-46580

CVSS 8.4 HIGH | EPSS 0.3% | CWE-1427 | CWE-829

In short

Eclipse Theia automatically loaded AI prompt template files from workspaces, allowing attackers to inject malicious instructions into the AI agent. This could lead to data theft or command execution when users opened untrusted repositories.

Technical detail

CWE-1427 (Uncontrolled Search Path) and CWE-829 (Inclusion of Functionality from Untrusted Control Sphere): Theia versions <1.71.0 automatically loaded .prompts/*.prompttemplate files without validation, enabling indirect prompt injection. Attack vector: local file inclusion from the workspace; requires the user to open a malicious repository in Theia. Impact: compromise of the AI agent's behavior, leading to data exfiltration or command execution via task definitions.

Summary generated and translated by AI from the official description.

In Eclipse Theia versions prior to 1.71.0, files matching the pattern .prompts/*.prompttemplate in a workspace were automatically loaded and could override or extend the AI agent's system prompts. An attacker could craft a malicious repository containing prompt template files that, when the workspace was opened in Theia, replaced the AI's system instructions with attacker-controlled content (indirect prompt injection). Combined with other AI chat features available in untrusted workspaces, this enabled attack chains leading to data exfiltration via Markdown image rendering or arbitrary command execution via task definitions.
CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N
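
A pre-open check for the file pattern described above, as an added example (not code from Eclipse Theia or from the advisory): it lists every .prompts/*.prompttemplate file in a checkout so the templates can be reviewed before the workspace is opened in a Theia version prior to 1.71.0. Matching .prompts directories at any depth and flagging remote Markdown image URLs are assumptions of this example; the function names and the sample files are constructed.

```python
import re
import tempfile
from pathlib import Path

# Assumption: a Markdown image with a remote URL inside a template deserves
# review, since the advisory names image rendering as the exfiltration path.
REMOTE_IMAGE = re.compile(r"!\[[^\]]*\]\(\s*(https?://[^)\s]+)", re.IGNORECASE)


def find_prompt_templates(workspace):
    """List every <dir>/.prompts/*.prompttemplate under workspace, at any depth."""
    root = Path(workspace)
    findings = []
    for path in sorted(root.rglob("*.prompttemplate")):
        # Only files directly inside a directory named ".prompts" match the pattern.
        if path.parent.name != ".prompts" or not path.is_file():
            continue
        text = path.read_text(encoding="utf-8", errors="replace")
        findings.append({
            "path": path.relative_to(root).as_posix(),
            "remote_images": REMOTE_IMAGE.findall(text),
        })
    return findings


def demo():
    """Run the scan over a constructed workspace (sample files, not real data)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        samples = {
            ".prompts/coder.prompttemplate":
                "Summarise.\n![s](https://example.invalid/p.png?q=1)\n",
            "pkg/.prompts/review.prompttemplate": "Review the diff for style.\n",
            "docs/notes.prompttemplate": "Not inside .prompts, so not reported.\n",
        }
        for rel, body in samples.items():
            target = root / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_text(body, encoding="utf-8")
        return find_prompt_templates(root)


if __name__ == "__main__":
    for f in demo():
        flag = "REVIEW" if f["remote_images"] else "present"
        print(f'{flag:8} {f["path"]} {f["remote_images"]}')
```

Any reported file is content that an affected version would load into the agent's system prompts, so a hit means "read this before opening", not "malicious".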
